Re: X509 Path Discovery Test 4.1.1.10

Subject: Re: X509 Path Discovery Test 4.1.1.10
From: "David A. Cooper" <david.cooper@nist.gov>
Date: Wed, 15 Jun 2005 11:05:19 -0400
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
In-Reply-To: <42B039D6.7090900@Sun.COM>
References: <42B039D6.7090900@Sun.COM>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040804

Sean,

In this test, the end entity certificate includes a 
cRLDistributionPoints extension that points to the CRL.  In any test 
where the description states that the CRL is not stored in the CA's 
directory entry, the certificate that is covered by that CRL includes a 
cRLDistributionPoints extension that points to the CRL.

This has been a source of confusion for several people.  In the next 
draft of the test suite, I will need to ensure that the test 
descriptions mention the presence of the cRLDistributionPoints extension.

Thanks,

Dave

Sean Mullan wrote:

>
> This test says that "The intermediate CA has issued a CRL, which is 
> not stored in the CA's directory entry, that lists the end-entity 
> certificate as being revoked."
>
> What does that mean exactly? Where is the CRL stored?
>
> Thanks,
> Sean

Follow-Ups:
- Re: X509 Path Discovery Test 4.1.1.10
  - From: Sean Mullan <Sean.Mullan@Sun.COM>

References:
- X509 Path Discovery Test 4.1.1.10
  - From: Sean Mullan <Sean.Mullan@Sun.COM>

Prev by Date: X509 Path Discovery Test 4.1.1.10
Next by Date: Re: X509 Path Discovery Test 4.1.1.10
Prev by thread: X509 Path Discovery Test 4.1.1.10
Next by thread: Re: X509 Path Discovery Test 4.1.1.10

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov