RE: not required to support IDP?

"Simon Tardell" <Simon.Tardell@smarttrust.com> Wed, 20 February 2002 16:48 UTC

Subject: RE: not required to support IDP?
Date: Wed, 20 Feb 2002 16:53:09 +0100
From: Simon Tardell <Simon.Tardell@smarttrust.com>
To: Hiro <yoshida@secomtrust.net>, ietf-pkix@imc.org

Hi Hiro,

Of course, whatever extension is critical that you don't understand,
must cause you to reject the CRL. However, according to X.509(97) 12.6.1
f) a complete CRL shall always be issued, even if partitioned CRLs are
also issued. That means that you don't have to support partitioned CRLs,
since there is always (if the CA is X.509 compliant) a complete CRL to
get. For many applications, partitioning CRLs may not even be the best
answer to the problem you try to solve (depending on the problem of
course).

Simon

Simon Tardell, Software Architect, SmartTrust
voice +46 8 6853174, fax +46 8 6856530
cell +46 70 3198319, simon.tardell@smarttrust.com


> -----Original Message-----
> From: Hiro [mailto:yoshida@secomtrust.net] 
> Sent: den 20 februari 2002 14:57
> To: ietf-pkix@imc.org
> Subject: not required to support IDP?
> 
> 
> 
> 
> Hi,
> I have one question about Issuing Distribution Point Extension.
> In RFC2459 and draft-ietf-pkix-new-part1-12.txt, about this extension
> 
>     "Although the extension is critical, conforming implementations
>      are not required to support this extension."
> 
> I cannot understand.
> I think it is not only conflicting with the critical flag concept,
> but also, if a CA is issuing a CRL/ARL (not a complete CRL) and
> a CRL substitution attack happens on the directory, the EE should
> find this attack.
> So I think this extension must be supported.
> 
> Can anyone answer this question?
> 
> Regards,
> 
> 
> 
> --
> Hiro
> yoshida@secomtrust.net
> 
> 
>
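
The relying-party behaviour discussed in this thread, as an added example that is not part of the original messages: a client that does not implement Issuing Distribution Point rejects the partitioned CRL because the extension is critical, and falls back to the complete CRL. It assumes the Python `cryptography` package; the CA key, issuer name, CRLs and the helper names `unsupported_critical`, `pick_crl` and `sample_crls` are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

IDP_OID = ExtensionOID.ISSUING_DISTRIBUTION_POINT

def unsupported_critical(crl, supported=frozenset()):
    """OIDs of critical CRL extensions this client does not implement."""
    return [e.oid for e in crl.extensions if e.critical and e.oid not in supported]

def pick_crl(candidates, issuer_public_key, supported=frozenset()):
    """First correctly signed CRL with no unsupported critical extension, else None."""
    for crl in candidates:
        if crl.is_signature_valid(issuer_public_key) and not unsupported_critical(crl, supported):
            return crl
    return None

def sample_crls():
    """Constructed test data: a throwaway CA key, one partitioned and one complete CRL."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    now = datetime.datetime(2002, 2, 20)

    def build(partitioned):
        b = (x509.CertificateRevocationListBuilder()
             .issuer_name(issuer).last_update(now)
             .next_update(now + datetime.timedelta(days=7))
             .add_extension(x509.CRLNumber(1), critical=False))
        if partitioned:
            # Scope restricted to end-entity certificates, marked critical.
            idp = x509.IssuingDistributionPoint(
                full_name=None, relative_name=None,
                only_contains_user_certs=True, only_contains_ca_certs=False,
                only_some_reasons=None, indirect_crl=False,
                only_contains_attribute_certs=False)
            b = b.add_extension(idp, critical=True)
        return b.sign(private_key=key, algorithm=hashes.SHA256())

    return key.public_key(), build(True), build(False)

if __name__ == "__main__":
    pub, partitioned, complete = sample_crls()
    rejected = [o.dotted_string for o in unsupported_critical(partitioned)]
    print("partitioned CRL rejected for critical OIDs:", rejected)
    print("complete CRL selected:", pick_crl([partitioned, complete], pub) is complete)
```

A client that silently skipped the critical extension would accept the partitioned CRL as if it covered every certificate, which is the substitution concern raised in the quoted question.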