CRL like extensions

Hi,

Thinking about this a bit more, I think there is a need for the
ability to add new items inside X509DataType at the same level as
X509CRL.  I base this on the experience of SET, probably the strongest
attempt so far to really design a system with multiple levels of
Certification Authority that actually uses CRLs, etc.  SET found it
necessary to define a new object, the BrandCRLIdentifier, which is as
the same level as a CRL.  (See Secure Electronic Transaction
Specification, Book 2: Programmer's Guide, Part II Certificate
Management, Chapter 5 Certification Revocation List and
BrandCRLIdenftifier, <http://www.setco.org/download.html>.)

Thanks,
Donald

=====================================================================
 Donald E. Eastlake 3rd                      dee3@torque.pothole.com
 155 Beaver Street                                +1 508-634-2066(h)
 Milford, MA 01757 USA                            +1 508-261-5434(w)

Received on Monday, 22 January 2001 11:51:54 UTC