Re: not required to support IDP?

"Housley, Russ" <rhousley@rsasecurity.com> Mon, 25 February 2002 21:04 UTC

From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Hiro <yoshida@secomtrust.net>
Cc: ietf-pkix@imc.org
Message-Id: <5.1.0.14.2.20020225135649.030f2c60@exna07.securitydynamics.com>
Date: Mon, 25 Feb 2002 13:58:10 -0500
Subject: Re: not required to support IDP?
In-Reply-To: <5.0.2.7.2.20020220223318.02585c48@pop.secomtrust.net>
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>

Hiro:

Implementations are not required to support the extension.  However, if a 
CRL issuer chooses to support it, then it must mark it critical.  Thus, any 
client that does not support it will reject the CRL.

Russ


At 10:57 PM 2/20/2002 +0900, Hiro wrote:


>Hi,
>I have one question about Issuing Distribution Point Extension.
>In RFC2459 and draft-ietf-pkix-new-part1-12.txt, about this extension
>
>    "Although the extension is critical, conforming implementations
>     are not required to support this extension."
>
>I cannot understand.
>I think it is not only conflicting with the critical flag concept, but also,
>if a CA is issuing a CRL/ARL (not a complete CRL) and a CRL substitution
>attack happens on the directory, the EE should find this attack.
>So I think this extension must be supported.
>
>Can anyone answer this question?
>
>Regards,
>
>
>
>--
>Hiro
>yoshida@secomtrust.net
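
The rule stated in the reply, applied to the ARL-for-CRL substitution case raised in the quoted question, as an added example (not part of the original messages or of any PKIX implementation). The Ext and Crl classes, check_crl, make_arl and the serial numbers are a constructed, simplified model; signature and issuer checks are assumed to happen elsewhere.

```python
from dataclasses import dataclass, field

OID_CRL_NUMBER = "2.5.29.20"   # id-ce-cRLNumber
OID_IDP = "2.5.29.28"          # id-ce-issuingDistributionPoint

@dataclass
class Ext:                      # simplified model of one decoded CRL extension
    oid: str
    critical: bool
    value: dict = field(default_factory=dict)

@dataclass
class Crl:                      # simplified model; signature checks are out of scope
    extensions: list
    revoked_serials: set

def check_crl(crl, serial, cert_is_ca, supported_oids):
    """Return 'reject-crl', 'out-of-scope', 'revoked' or 'good'."""
    # A critical extension the client cannot process makes the CRL unusable.
    for ext in crl.extensions:
        if ext.critical and ext.oid not in supported_oids:
            return "reject-crl"
    # A client that implements IDP checks that the CRL covers this certificate.
    idp = next((e for e in crl.extensions if e.oid == OID_IDP), None)
    if idp is not None and OID_IDP in supported_oids:
        if idp.value.get("onlyContainsCACerts") and not cert_is_ca:
            return "out-of-scope"
        if idp.value.get("onlyContainsUserCerts") and cert_is_ca:
            return "out-of-scope"
    return "revoked" if serial in crl.revoked_serials else "good"

def make_arl(idp_critical):
    # Constructed sample: an ARL listing one revoked CA certificate (serial 0x10).
    idp = Ext(OID_IDP, idp_critical, {"onlyContainsCACerts": True})
    return Crl([Ext(OID_CRL_NUMBER, False), idp], {0x10})

def demo():
    ee_serial = 0x42            # constructed: a revoked end-entity cert, not on the ARL
    no_idp, with_idp = {OID_CRL_NUMBER}, {OID_CRL_NUMBER, OID_IDP}
    return {
        "critical, client lacks IDP": check_crl(make_arl(True), ee_serial, False, no_idp),
        "critical, client has IDP": check_crl(make_arl(True), ee_serial, False, with_idp),
        "non-critical, client lacks IDP": check_crl(make_arl(False), ee_serial, False, no_idp),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case, where the issuer leaves the extension non-critical, is the only one in which the end-entity certificate is reported "good" from an ARL that never covered it.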