1> If I receive a message with a certificate (or an IA/Version number),
it will have the distinguished name of a CA (not a PCA) in it. This is
not my CA and if I have never heard of it before how do I address a
request to it for its current CRL?
RFC1422 Section 3.4.2.4 "Distinguished Name Conventions"
PCAs will certify CAs, but not users. ...
we know a PCA is a Policy CA, and
"Certificates issued by CAs (for use with PEM) will be for
users or for other CAs, either of which must have DNs
subordinate to that of the issuing CA".
Therefore, you should be able to retrieve the PCA DN from a CA DN.
_______________________________________________________________________
Alireza Bahreman E-Mail:
bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943