Dave,
You write:
> P.S. If PEM CRLs are to be posted to a Quipu DSA, has anyone
> specified the EDB syntax for them?
I have added a syntax for PEM CRLs to an ISODE 8.0 Quipu. I didn't
register it or do anything formally. But I tested it and it
works fine. Here is what it looks like:
Terry
---------------------
RevokedList [[P struct revoked_certificate *]]
        ::=
        SEQUENCE OF [[ T struct revoked_certificate * $ * ]] <<next>>
            SEQUENCE [[T struct revoked_certificate * $ *]]
            {
            subject
                CertificateSerialNumber [[p *]],
            revokationDate
                UTCTime [[s revocation_date]]
            }

CertificateRevocationListToSign [[P struct revocation_list *]]
        ::=
        SEQUENCE
        {
        %E{
            if (parm->revoked)
                BITSET (parm->test,1);
            else
                BITCLR (parm->test,1);
        %}
        lastUpdate
            UTCTime [[s last_update]],
        nextUpdate
            UTCTime [[s next_update]],
        revokedCertificates
            RevokedList [[p revoked]]
            OPTIONAL <<parm->test $ 1>>
        }

CertificateRevocationList [[P struct revocation_list *]]
        ::=
        SEQUENCE
        {
            CertificateRevocationListToSign [[p *]],
            AlgorithmIdentifier [[p &parm->sig.alg]],
            BIT STRING [[x sig.encrypted $ sig.n_bits]]
        }
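
The CertificateRevocationListToSign layout above, exercised as a DER round trip. This is an added example, not part of the original message and not ISODE code. It assumes CertificateSerialNumber is a non-negative INTEGER; the function names and the UTCTime values used with it are constructed for illustration.

```python
# Added example; assumes CertificateSerialNumber ::= INTEGER (not stated in the message).
SEQ, INT, UTC = 0x30, 0x02, 0x17  # universal tags: SEQUENCE, INTEGER, UTCTime

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf, pos):
    # Returns (tag, value, next_pos); rejects truncated or indefinite lengths.
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def encode_to_sign(last_update, next_update, revoked):
    entries = b"".join(tlv(SEQ, tlv(INT, s.to_bytes(s.bit_length() // 8 + 1, "big"))
                           + tlv(UTC, when.encode())) for s, when in revoked)
    body = tlv(UTC, last_update.encode()) + tlv(UTC, next_update.encode())
    # revokedCertificates is OPTIONAL: left out entirely when nothing is revoked
    return tlv(SEQ, body + (tlv(SEQ, entries) if revoked else b""))

def parse_to_sign(der):
    tag, body, end = read_tlv(der, 0)
    t1, last, pos = read_tlv(body, 0)
    t2, nxt, pos = read_tlv(body, pos)
    if (tag, t1, t2) != (SEQ, UTC, UTC) or end != len(der):
        raise ValueError("not a CRL-to-sign SEQUENCE")
    revoked, p, lst = [], 0, b""
    if pos < len(body):  # revokedCertificates present
        t, lst, pos = read_tlv(body, pos)
        if t != SEQ or pos != len(body):
            raise ValueError("unexpected trailing field")
    while p < len(lst):
        t, entry, p = read_tlv(lst, p)
        ti, serial, q = read_tlv(entry, 0)
        tu, when, q = read_tlv(entry, q)
        if (t, ti, tu) != (SEQ, INT, UTC) or q != len(entry):
            raise ValueError("bad revoked entry")
        revoked.append((int.from_bytes(serial, "big", signed=True), when.decode()))
    return last.decode(), nxt.decode(), revoked
```

A parser that accepts a list with no revokedCertificates field must still check nextUpdate before trusting the list, since an empty but stale CRL decodes the same way as a fresh one.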