pem-dev

Re: X.509 v3 Certificate

1994-12-19 13:24:00
Hi Warwick,

We are very pleased to see the X.509 revision moving forward.
Such extensions have been needed for quite some time.  

One immediate observation about the proposed CRL format:

CertificateList ::= SIGNED { SEQUENCE {
     version                  Version OPTIONAL,
                              -- if present, version must be v2 --
     signature                AlgorithmIdentifier,
     issuer                   Name,
     thisUpdate               UTCTime,
     nextUpdate               UTCTime OPTIONAL,
     revokedCertificates      SEQUENCE OF SEQUENCE {
          userCertificate          CertificateSerialNumber,
          revocationDate           UTCTime,
          crlEntryExtensions       Extensions OPTIONAL } OPTIONAL,
     crlExtensions       [0]  Extensions OPTIONAL }}

The OPTIONAL nature of the nextUpdate field is not consistent with
the CRL format in PEM RFC 1422.  Can you explain the reasoning?

Thanks,
Steve Dusse
RSA
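
Added example, not part of the original message: a minimal DER walk over the to-be-signed SEQUENCE quoted above, showing that once nextUpdate is OPTIONAL a reader can no longer assume the element after thisUpdate is a UTCTime, as the RFC 1422 layout allows, and has to dispatch on the tag instead. The helper names and the sample bytes (empty placeholder AlgorithmIdentifier and Name, no SIGNED wrapper) are assumptions made for illustration.

```python
UTCTIME, INTEGER, SEQUENCE, CTX0 = 0x17, 0x02, 0x30, 0xA0  # DER tags
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode a short-form TLV (under 128 value bytes; enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def crl_fields(tbs):
    """Name the fields of the to-be-signed SEQUENCE, honouring each OPTIONAL."""
    tag, body, _ = read_tlv(tbs, 0)
    if tag != SEQUENCE:
        raise ValueError("outer element is not a SEQUENCE")
    items, pos, out = [], 0, {}
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        items.append((t, v))
    def take(name, want, optional=False):
        if items and items[0][0] == want:
            out[name] = items.pop(0)[1]
        elif not optional:
            raise ValueError(f"missing mandatory field {name}")
    take("version", INTEGER, optional=True)
    take("signature", SEQUENCE)
    take("issuer", SEQUENCE)
    take("thisUpdate", UTCTIME)
    take("nextUpdate", UTCTIME, optional=True)  # mandatory in RFC 1422
    take("revokedCertificates", SEQUENCE, optional=True)
    take("crlExtensions", CTX0, optional=True)
    if items:
        raise ValueError("unexpected trailing element")
    return out

def sample_tbs(with_next_update):
    """Constructed sample: empty placeholder AlgorithmIdentifier and Name."""
    entry = tlv(SEQUENCE, tlv(INTEGER, b"\x05") + tlv(UTCTIME, b"941201000000Z"))
    times = [b"941219132400Z", b"950119132400Z"][:2 if with_next_update else 1]
    body = tlv(SEQUENCE, b"") * 2 + b"".join(tlv(UTCTIME, t) for t in times)
    return tlv(SEQUENCE, body + tlv(SEQUENCE, entry))
```

A relying party that needs a CRL expiry time can treat a missing "nextUpdate" key in the result of crl_fields() as a policy failure rather than a parse error.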

