
RE: certificate which has both AIA and CRL DPs



Hi,
    The certificate that you are planning to issue is perfectly
legal. Unfortunately, the answer to Question2 is not specified
in the standards. It is up to the application to decide how it
wants to prioritize the different validation methods.

It is perfectly legal for the application to ask in the following
order:

OCSP server-2
CRL DP-1
OCSP server-1
CRL DP-2

or any other order it chooses.

Regards,
Ambarish

---------------------------------------------------------------------
Ambarish Malpani
Architect                                                650.567.5457
ValiCert, Inc.                                  ambarish@valicert.com
1215 Terra Bella Ave.                         http://www.valicert.com
Mountain View, CA 94043-1833


> -----Original Message-----
> From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp]
> Sent: Tuesday, December 07, 1999 6:47 PM
> To: ietf-pkix@imc.org
> Subject: certificate which has both AIA and CRL DPs
> 
> 
> Hello
> 
> I would like to generate a certificate which has
> both AIA and CRL DPs.
> 
> Question1 : In RFC2459 specification, is this 
>                     certificate legal or illegal ?
> 
> Question2 : If this certificate is legal, how does it describe the
>                      order of priority to process those extensions?
> 
> For example, 
> ------------------------------------------------
> 1st.                        OCSP server-1
> 2nd.                       OCSP server-2
> 3rd.                       CRL DP-1
> 4th.                        CRL DP-2
> 
> or
> 
> 1st.                        OCSP server-1
> 2nd.                       CRL DP-1
> 3rd.                        OCSP server-2
> 4th.                        CRL DP-2
> 
> etc ...
> ------------------------------------------------
> 
> Is a new extension(or any scheme) which describes the
> list of these priorities needed?
> 
> like this
> 
> LIST  {
> 1st    use AIA's 1st element,
> 2nd   use CRL DPs 1st element,
> 3rd    use "other method",
> 4th    use  AIA's 2nd element,
> 5th    use  CRL DPs 2nd element,
> etc ...
> }
> 
> Please, can anyone help? 
> 
> Hiroyuki Sakakibara
> 
> =========================================
> Hiroyuki Sakakibara
> Research Engineer
> Information Security Department
> Mitsubishi Electric Corporation
> Information Technology R&D Center
> 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan
> PHONE: +81-467-41-2183
> FAX: +81-467-41-2185
> ==========================================
>
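
The point made in the reply above, as an added example that is not part of the original thread or either poster's code: a certificate can carry both AIA OCSP entries and CRL DPs, nothing in it ranks them, and the relying application's own list decides the query order. `Pick`, `Order`, `sampleCert` and the `example.test` URLs are names and values assumed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
)

type Pick struct {
	Kind string // "OCSP" (AIA entry) or "CRL" (CRL distribution point)
	N    int    // 1-based position within that extension
}

func sampleCert() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed sample; the URLs are placeholders
		OCSPServer:            []string{"http://ocsp1.example.test", "http://ocsp2.example.test"},
		CRLDistributionPoints: []string{"http://crl1.example.test/ca.crl", "http://crl2.example.test/ca.crl"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Order lists the URLs in the sequence the local policy names them, skipping absent picks.
func Order(c *x509.Certificate, policy []Pick) (out []string) {
	byKind := map[string][]string{"OCSP": c.OCSPServer, "CRL": c.CRLDistributionPoints}
	for _, p := range policy {
		if urls := byKind[p.Kind]; p.N >= 1 && p.N <= len(urls) {
			out = append(out, urls[p.N-1])
		}
	}
	return out
}

func main() {
	cert, err := sampleCert()
	if err != nil {
		panic(err)
	}
	fmt.Println(Order(cert, []Pick{{"OCSP", 2}, {"CRL", 1}, {"OCSP", 1}, {"CRL", 2}}))
}
```

The policy passed in `main` is the order given in the reply (OCSP server-2, CRL DP-1, OCSP server-1, CRL DP-2); either ordering from the original question works the same way with a different list.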