[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEV2: Issue #4 Revised Identity
> > and that's where you find the crl. I don't know. I punt to pkix to decide
> > what the "URL" means. I think that there are documents now that tell me
> > how to get stuff via HTTP, right?
>
>Yes, and there's also apparently some way to embed URLs pointing to
>(multiple) CRL distribution points into certificates.
See RFC 3280, section 4.2.1.14, on CRL Distribution Points.
The CRL distribution points extension identifies how CRL information
is obtained. The extension SHOULD be non-critical, but this profile
RECOMMENDS support for this extension by CAs and applications.
Russ