
RE: certificate which has both AIA and CRL DPs



Mr. Malpani

Thank you for your reply.
I am going to create the list of the order of priority and
give it to the application which uses certificates including 
CDPs and AIA.

Hiroyuki Sakakibara

>Hi,
>    The certificate that you are planning to issue is perfectly
>legal. Unfortunately, the answer to Question2 is not specified
>in the standards. It is up to the application to decide how it
>wants to prioritize the different validation methods.
>
>It is perfectly legal for the application to ask in the following
>order:
>
>OCSP server-2
>CRL DP-1
>OCSP server-1
>CRL DP-2
>
>or any other order it chooses.
>
>Regards,
>Ambarish
>
>---------------------------------------------------------------------
>Ambarish Malpani
>Architect                                                650.567.5457
>ValiCert, Inc.                                  ambarish@valicert.com
>1215 Terra Bella Ave.                         http://www.valicert.com
>Mountain View, CA 94043-1833
>
>
>> -----Original Message-----
>> From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp]
>> Sent: Tuesday, December 07, 1999 6:47 PM
>> To: ietf-pkix@imc.org
>> Subject: certificate which has both AIA and CRL DPs
>> 
>> 
>> Hello
>> 
>> I would like to generate a certificate which has
>> both AIA and CRL DPs.
>> 
>> Question1 : In RFC2459 specification, is this 
>>                     certificate legal or illegal ?
>> 
>> Question2 : If this certificate is legal, how does it describe the
>>                      order of priority to process those extensions?
>> 
>> For example, 
>> ------------------------------------------------
>> 1st.                        OCSP server-1
>> 2nd.                       OCSP server-2
>> 3rd.                       CRL DP-1
>> 4th.                        CRL DP-2
>> 
>> or
>> 
>> 1st.                        OCSP server-1
>> 2nd.                       CRL DP-1
>> 3rd.                        OCSP server-2
>> 4th.                        CRL DP-2
>> 
>> etc ...
>> ------------------------------------------------
>> 
>> Is a new extension (or any scheme) which describes the
>> list of these priorities needed?
>> 
>> like this
>> 
>> LIST  {
>> 1st    use AIA's 1st element,
>> 2nd   use CRL DPs 1st element,
>> 3rd    use "other method",
>> 4th    use  AIA's 2nd element,
>> 5th    use  CRL DPs 2nd element,
>> etc ...
>> }
>> 
>> Please, can anyone help? 
>> 
>> Hiroyuki Sakakibara
>> 
>> =========================================
>> Hiroyuki Sakakibara
>> Research Engineer
>> Information Security Department
>> Mitsubishi Electric Corporation
>> Information Technology R&D Center
>> 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan
>> PHONE: +81-467-41-2183
>> FAX: +81-467-41-2185
>> ==========================================
>> 
>
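
Added example, not part of the original thread or any code from its participants: a sketch of the application-side priority list the thread settles on, where local policy (not the certificate) orders the AIA OCSP responders and CRL distribution points, and the first source that returns a definitive answer wins. The policy format, function names, placeholder URLs and the "unknown means fail closed" behaviour are assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: endpoints in the order they appear in one certificate.
# Hostnames are placeholders, not values from the thread.
CERT_SOURCES: Dict[str, List[str]] = {
    "AIA": ["http://ocsp1.example.test", "http://ocsp2.example.test"],
    "CDP": ["http://crl1.example.test/ca.crl", "http://crl2.example.test/ca.crl"],
}

# Local policy (hypothetical format): (extension, 0-based element index).
# This mirrors the order in the reply: OCSP-2, CRL DP-1, OCSP-1, CRL DP-2.
POLICY: List[Tuple[str, int]] = [("AIA", 1), ("CDP", 0), ("AIA", 0), ("CDP", 1)]

Endpoint = Tuple[str, str]
Query = Callable[[str, str], Optional[str]]


def build_plan(sources: Dict[str, List[str]],
               policy: List[Tuple[str, int]]) -> List[Endpoint]:
    """Order the certificate's endpoints according to local policy."""
    plan: List[Endpoint] = []
    used = set()
    for ext, idx in policy:
        urls = sources.get(ext, [])
        # Skip elements this certificate lacks and duplicate policy entries.
        if 0 <= idx < len(urls) and (ext, idx) not in used:
            used.add((ext, idx))
            plan.append((ext, urls[idx]))
    # Endpoints the policy does not mention are tried last, in certificate order.
    for ext in sorted(sources):
        for idx, url in enumerate(sources[ext]):
            if (ext, idx) not in used:
                plan.append((ext, url))
    return plan


def check_status(plan: List[Endpoint], query: Query) -> Tuple[str, Optional[Endpoint]]:
    """Walk the plan in order; the first definitive answer wins.

    query(ext, url) returns "good", "revoked", or None when the source is
    unreachable. Assumption: if no source answers, the result is "unknown"
    so that the caller can fail closed.
    """
    for ext, url in plan:
        status = query(ext, url)
        if status in ("good", "revoked"):
            return status, (ext, url)
    return "unknown", None
```

The `query` callable is where a real OCSP request or CRL fetch would be plugged in; it is left to the caller so the ordering logic can be tested offline.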