
CRLs' cycle



Hi all,
I didn't find any limitations for CRL infrastructure. I found
one interesting CRL configuration, where revoking only one certificate
in it leads to automatic revocation of all certificates that are in
the cycle. Basically it looks like this:

         CA1
          |
          V
        cert_1 -~-~-~-~-~-> crl_2
          |                   ^
          |                   |
          |                   |
          V                   |
         crl_1 <-~-~-~-~-~- cert_2 <----- CA2


 -~-~-~ line shows who references a CRL.
 ------ line shows who issued a CRL.

When no certificate is revoked in the infrastructure, then
it looks good and works best (I think). But if only one certificate
is revoked by the appropriate CRL, then it leads to the automatic
revocation of another certificate (in this example).
So my question: is this infrastructure illicit by RFC 2459 or not?
Another question: have I missed something?

Thanks a lot.
Pavel.
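
The configuration in the diagram above, modelled as an added example that is not part of the original post. The data layout, the function names and the validator rule (a certificate is accepted only if it is not listed on its CRL and that CRL's signer is itself accepted) are assumptions made for illustration.

```python
# Constructed model of the diagram; the names come from the post, the layout is assumed.
CERTS = {"cert_1": "crl_2", "cert_2": "crl_1"}       # certificate -> CRL it references
CRL_SIGNER = {"crl_1": "cert_1", "crl_2": "cert_2"}  # CRL -> certificate that issued it


def find_cycle(certs, crl_signer):
    """Return [cert, crl, cert, ...] closing on itself, or None if there is no cycle."""
    for start in certs:
        path, cert = [], start
        while cert in certs:  # stops at a signer outside the model, e.g. a root CA
            if cert in path:
                return path[path.index(cert):] + [cert]
            crl = certs[cert]
            path += [cert, crl]
            cert = crl_signer.get(crl)
    return None


def accepted(certs, crl_signer, revoked):
    """Return the certificates the assumed validator accepts.

    revoked maps a CRL name to the set of certificate names listed on it.
    """
    ok = set(certs)  # start optimistic, remove certificates until nothing changes
    changed = True
    while changed:
        changed = False
        for cert in sorted(ok):
            crl = certs[cert]
            signer = crl_signer[crl]
            listed = cert in revoked.get(crl, set())
            # A CRL issued by a rejected certificate cannot vouch for anyone.
            if listed or (signer in certs and signer not in ok):
                ok.discard(cert)
                changed = True
    return ok


if __name__ == "__main__":
    print("cycle:", find_cycle(CERTS, CRL_SIGNER))
    print("nothing revoked:", sorted(accepted(CERTS, CRL_SIGNER, {})))
    print("cert_1 on crl_2:", sorted(accepted(CERTS, CRL_SIGNER, {"crl_2": {"cert_1"}})))
    # Same certificates, but the CRLs are issued directly by the CAs: no cycle.
    flat = {"crl_1": "CA1", "crl_2": "CA2"}
    print("flat, cert_1 on crl_2:", sorted(accepted(CERTS, flat, {"crl_2": {"cert_1"}})))
```

Running `find_cycle` over a deployment's CRL distribution points and CRL issuers before the first revocation is a cheap way to catch this dependency loop.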