Re: X509 Path Discovery Test 4.1.1.10
Thanks for the clarification. From the description, I wasn't sure if the
CRL was simply not available (and whether the test was supposed to fail
because it couldn't find an appropriate CRL). Mentioning the CRLDP would
help.
--Sean
David A. Cooper wrote:
> Sean,
>
> In this test, the end entity certificate includes a
> cRLDistributionPoints extension that points to the CRL. In any test
> where the description states that the CRL is not stored in the CA's
> directory entry, the certificate that is covered by that CRL includes a
> cRLDistributionPoints extension that points to the CRL.
>
> This has been a source of confusion for several people. In the next
> draft of the test suite, I will need to ensure that the test
> descriptions mention the presence of the cRLDistributionPoints extension.
>
> Thanks,
>
> Dave
>
> Sean Mullan wrote:
>
>>
>> This test says that "The intermediate CA has issued a CRL, which is
>> not stored in the CA's directory entry, that lists the end-entity
>> certificate as being revoked."
>>
>> What does that mean exactly? Where is the CRL stored?
>>
>> Thanks,
>> Sean
>
>