Additional Certificate Types to support CRL\ARL



The following applies to the ISAKMP draft version 6 wrt Certificate
Payloads and X.509 Certificates.

As noted in previous exchanges on this mailing list, it would be
advantageous to be able to send Certificate Revocation Lists (CRL) and
Authority Revocation Lists (ARL) in ISAKMP Certificate Payloads.
Allowing X.509 certificates but not the accompanying CRLs\ARLs to be
exchanged in ISAKMP is of questionable worth.  The current definition of
a Certificate Payload is generic enough to support both user
certificates and CRLs\ARLs.  The only change to the current draft
necessary to allow the exchange of CRLs\ARLs is the addition of two
Certificate Types as defined in section 3.9 Certificate Payload on page
32.

The types proposed are:
  X.509 Certificate Revocation List     6
  X.509 Authority Revocation List       7

If more discussion is required I would like to request that this topic
be added to the IETF ipsec meeting agenda <if schedule permits etc...>.

Thanks!

----
Greg Carter
Nortel Secure Networks - Entrust
carterg@entrust.com