Russ Housley wrote:
If IssuerAndSerialNumber is sufficient for specifying a cerrtificate in a
CRL, then what makes it insufficient here?
Russ
I would say that one difference is that a CRL has IssuerAndSerialNumber
and an issuer signature. I would also (not too seriously) argue that
there is not much use in substituting one revoked certificate for
another :-)
All I'm really saying is why have a weaker, duplicating bind when you
can have a stronger, smaller one with minimal extra effort?
Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.