Dan,
I think I might have introduced some of this. The issue is one of
convenient support for a CA which employs multiple signature
algorithms. One approach would be to have the CA crl be a multiple
valued attribute and fetch all the crls, then look for the one you
could validate. The second approach, and the one taken for SDN.702,
is to define different attribute types (with the same syntax) for crls
used with different algorithms, thereby facilitating retrieval of the
proper crl. Either approach is valid, we opted for the second.
The UCL registrations are fully specified, but would fall into the
first approach if multiple signature algorithms were used.
Dave
P.S. If PEM CRLs are to be posted to a Quipu DSA, has anyone
specified the EDB syntax for them?