Re: [pkix] [x500standard] Indirect CRLs
"Santosh Chokhani" <santosh.chokhani@gmail.com> Mon, 16 November 2015 16:57 UTC
To: <x500standard@freelists.org>,
"'PKIX'" <pkix@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/HD4WLwj7Ixn6ZBgw0gO-KT8ShlM>

Yes. That is an indirect CRL. Note that the CA needs to assert the appropriate cRLIssuer in the DistributionPoint field of the CRL DP extension of each certificate the CA issues.

From: x500standard-bounce@freelists.org [mailto:x500standard-bounce@freelists.org] On Behalf Of Erik Andersen
Sent: Monday, November 16, 2015 4:48 AM
To: PKIX <pkix@ietf.org>
Cc: Directory list <x500standard@freelists.org>
Subject: [x500standard] Indirect CRLs

I have a question related to indirect CRLs.

RFC 5280 in Section 5:

If the scope of the CRL includes one or more certificates issued by an entity other than the CRL issuer, then it is an indirect CRL.

If a CA has delegated CRL issuing to another entity, but this entity only issues revocation status for certificates issued by that CA, is the CRL then an indirect CRL?

Erik
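
As an added illustration (not part of the original thread), here is a simplified Python model of the relying-party check in RFC 5280 Section 6.3.3 step (b)(1), which is where the cRLIssuer field mentioned in the reply is consumed. The DNs, the `Cert` and `Crl` classes and the string-based name comparison are constructed for this example; validating the CRL issuer's certification path and the CRL signature is out of scope.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Cert:
    issuer: str                    # issuer DN of the certificate being checked
    dp_crl_issuer: Optional[str]   # cRLIssuer in its CRL DP extension, if any

@dataclass(frozen=True)
class Crl:
    issuer: str                    # issuer DN of the CRL
    indirect_crl: bool             # indirectCRL boolean in the IDP extension

def norm(dn: str) -> str:
    # Simplified DN comparison (assumption): trim and case-fold each RDN.
    return ",".join(part.strip().casefold() for part in dn.split(","))

def crl_in_scope(cert: Cert, crl: Crl) -> Tuple[bool, str]:
    """Name and flag matching from RFC 5280 6.3.3 (b)(1)."""
    if cert.dp_crl_issuer is not None:
        # The CA delegated CRL issuance: the CRL must come from the named
        # issuer and must declare itself indirect.
        if norm(crl.issuer) != norm(cert.dp_crl_issuer):
            return False, "CRL issuer does not match cRLIssuer in the DP"
        if not crl.indirect_crl:
            return False, "cRLIssuer present but indirectCRL not asserted"
        return True, "indirect CRL accepted"
    # No cRLIssuer in the DP: only a CRL issued by the certificate issuer fits.
    if norm(crl.issuer) != norm(cert.issuer):
        return False, "CRL issuer does not match certificate issuer"
    return True, "direct CRL accepted"

# Constructed sample names: one CA and the entity it delegates CRL issuing to.
CA = "CN=Example CA, O=Example"
SIGNER = "CN=Example CRL Signer, O=Example"

def demo():
    delegated = Cert(issuer=CA, dp_crl_issuer=SIGNER)
    plain = Cert(issuer=CA, dp_crl_issuer=None)
    return [
        crl_in_scope(delegated, Crl(SIGNER, indirect_crl=True)),
        crl_in_scope(delegated, Crl(SIGNER, indirect_crl=False)),
        crl_in_scope(plain, Crl(SIGNER, indirect_crl=True)),  # CA omitted cRLIssuer
        crl_in_scope(plain, Crl(CA, indirect_crl=False)),
    ]

if __name__ == "__main__":
    for ok, why in demo():
        print(ok, why)
```

The third case is the failure mode the reply warns about: a correctly formed CRL from the delegated issuer is still rejected for a certificate whose CRL DP does not name that issuer in cRLIssuer.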