not required to support IDP?
Hiro <yoshida@secomtrust.net> Wed, 20 February 2002 14:50 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA02253 for <pkix-archive@odin.ietf.org>; Wed, 20 Feb 2002 09:50:25 -0500 (EST)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g1KDvLo01879 for ietf-pkix-bks; Wed, 20 Feb 2002 05:57:21 -0800 (PST)
Received: from iscan02.secomtrust.net (iscan02.secomtrust.net [61.114.177.103]) by above.proper.com (8.11.6/8.11.3) with SMTP id g1KDvH301868 for <ietf-pkix@imc.org>; Wed, 20 Feb 2002 05:57:18 -0800 (PST)
Received: (qmail 9822 invoked by alias); 20 Feb 2002 13:57:08 -0000
Delivered-To: alias-map-ietf-pkix@imc.org@MAP
Received: (qmail 9814 invoked by alias); 20 Feb 2002 13:57:07 -0000
Received: from localhost (HELO mail.secomtrust.net) (127.0.0.1) by localhost with SMTP; 20 Feb 2002 13:57:07 -0000
Received: (qmail 5340 invoked from network); 20 Feb 2002 13:57:06 -0000
Received: from unknown (HELO bon4pc.secomtrust.net) (172.30.5.32) by mail with SMTP; 20 Feb 2002 13:57:06 -0000
Message-Id: <5.0.2.7.2.20020220223318.02585c48@pop.secomtrust.net>
X-Sender: yoshida@pop.secomtrust.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2-Jr2
Date: Wed, 20 Feb 2002 22:57:05 +0900
To: ietf-pkix@imc.org
From: Hiro <yoshida@secomtrust.net>
Subject: not required to support IDP?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Hi,
I have one question about Issuing Distribution Point Extension.
In RFC2459 and draft-ietf-pkix-new-part1-12.txt, about this extension
"Although the extension is critical, conforming implementations
are not required to support this extension."
I cannot understand.
I think it is not only conflicting with critical flag concept, but also,
if a CA is issuing CRL/ARL(not complete CRL) and it happen the CRL
substitution attack
on the directory, EE should be find this attack.
So I think this extension must be supported.
Does anyone answer for this question?
Regard,
--
Hiro
yoshida@secomtrust.net
- not required to support IDP? Hiro
- RE: not required to support IDP? Simon Tardell
- RE: not required to support IDP? David A. Cooper
- RE: not required to support IDP? Peter Williams
- Re: not required to support IDP? Housley, Russ