- From: Carl Wallace <cwallace@erols.com>
- Date: Tue, 3 Oct 2000 12:24:07 -0400
- To: <tgindin@us.ibm.com>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>, <w3c-ietf-xmldsig@w3.org>
The text should not specify a version number. X.509 mandates that CRLs having no critical extensions also have no version number. From X.509 section 11.2: "If any extensions included in a CertificateList are defined as critical, the version element of the CertificateList shall be present. If no extensions defined as critical are included, the version element shall be absent." Elsewhere it is stated that when the version number is present it must be set to two. Requiring CRLs with version number equal to two requires the presence of a critical extension.

Carl Wallace

----- Original Message -----
From: <tgindin@us.ibm.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>; <w3c-ietf-xmldsig@w3.org>
Sent: Tuesday, October 03, 2000 10:56 AM
Subject: Re: Very minor comment in the spec.

> The CRL variant defined in X.509v3 is version 2 of the X.509 CRL data structure. There is no version 3 of this data structure AFAIK. That syntax could be plausibly referred to as "version 2 X.509 CRL's" because its version number is 2, or as "X.509v3 CRL's" after the spec in which it seems to have been first published. "X.509v2 CRL's" is an apparent mistranscription of "X.509 v2 CRL's" (as used in RFC 2459) with the space indicating the structure version rather than the spec version. The simplest description is actually "the X.509 CRL format with extensions". Does anybody care which of these descriptions is used in our spec?
>
> Tom Gindin
>
> "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 10/03/2000 08:29:35 AM
>
> Sent by: w3c-ietf-xmldsig-request@w3.org
>
> To: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> cc: w3c-ietf-xmldsig@w3.org
> Subject: Re: Very minor comment in the spec.
>
> I don't think there is any significant use of other than v3 these days.
>
> Donald
>
> From: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> To: w3c-ietf-xmldsig@w3.org
> Cc: kawatura@bisd.hitachi.co.jp
> In-Reply-To: <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> References: <200009280812.RAA10090@ns.trl.ibm.com> <200009290127.KAA26690@ns.trl.ibm.com> <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> Message-Id: <20001003183030K.kawatura@bisd.hitachi.co.jp>
> Date: Tue, 03 Oct 2000 18:30:30 +0900 (JST)
>
> > I have a very minor comment in the spec.
> > ###
> > 4.4.4 The X509Data Element
> >
> > 5. The X509CRL element, which contains a Base64-encoded X.509v2
> > ^^^^^^^
> > certificate revocation list (CRL).
> > ###
> >
> > X.509v3 is better though we can also contain a Base64-encoded X.509v2 CRL in the X509CRL...
> >
> > ----
> > Yoshiaki Kawatsura : E-mail kawatura@bisd.hitachi.co.jp
> > Business Solution Systems Division, Hitachi,Ltd.
> > Voice: +81-44-549-1713(direct) Fax: +81-44-549-1721
Received on Tuesday, 3 October 2000 12:25:27 UTC
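The rule Carl quotes from X.509 (version element present exactly when some extension is critical, and equal to v2 when present) is mechanically checkable on a DER-encoded CRL. The following is an added example, not code from this thread or from the XML Signature project: a minimal DER walker that pulls the optional `version` INTEGER and the `crlExtensions [0]` member out of `tbsCertList`, reports the three ways a CRL can break the quoted rule, and builds its own constructed sample CRLs (dummy issuer, dummy signature bits, one `issuingDistributionPoint` extension whose critical flag is toggled) so it runs offline. The function names `der_tlv`, `check_crl_version` and `build_crl` are this example's own.

```python
"""Check a DER-encoded X.509 CRL against the rule quoted in the message above:
the version element must be present exactly when some extension is critical,
and when present it must encode v2. Added example, not code from the list;
the sample CRLs are constructed with a tiny DER encoder and carry dummy
(unverified) signature bits."""

TAG_SEQUENCE, TAG_SET, TAG_INTEGER, TAG_BOOLEAN = 0x30, 0x31, 0x02, 0x01
TAG_OID, TAG_OCTET_STRING, TAG_BIT_STRING, TAG_UTF8 = 0x06, 0x04, 0x03, 0x0C
TAG_UTCTIME, TAG_CTX0 = 0x17, 0xA0          # [0] EXPLICIT crlExtensions


def der_tlv(data, pos=0):
    """Decode one DER TLV (single-byte tags) at pos -> (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_tlv(value, pos)
        yield tag, inner


def encode(tag, value):
    """Minimal DER TLV encoder, only used to build the constructed samples."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def check_crl_version(crl_der):
    """Return (version_value, has_critical_extension, problems).

    version_value is the raw INTEGER from tbsCertList (1 encodes v2), or None
    when the element is absent."""
    _, cert_list, _ = der_tlv(crl_der)            # CertificateList ::= SEQUENCE
    _, tbs, _ = der_tlv(cert_list)                # tbsCertList is its first member
    fields = list(der_children(tbs))
    version = None
    if fields and fields[0][0] == TAG_INTEGER:    # optional version is the first field
        version = int.from_bytes(fields[0][1], "big")
    has_critical = False
    if fields and fields[-1][0] == TAG_CTX0:      # crlExtensions [0] EXPLICIT Extensions
        _, ext_seq = next(der_children(fields[-1][1]))
        for _, ext in der_children(ext_seq):
            # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
            parts = list(der_children(ext))
            if len(parts) == 3 and parts[1][0] == TAG_BOOLEAN and parts[1][1] == b"\xff":
                has_critical = True
    problems = []
    if has_critical and version is None:
        problems.append("critical extension present but version element absent")
    if not has_critical and version is not None:
        problems.append("no critical extension but version element present")
    if version is not None and version != 1:
        problems.append(f"version element encodes v{version + 1}, not v2")
    return version, has_critical, problems


OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
OID_COMMON_NAME = bytes.fromhex("550403")              # 2.5.4.3
OID_ISSUING_DP = bytes.fromhex("551d1c")               # 2.5.29.28 issuingDistributionPoint


def build_crl(version, critical):
    """Construct a sample CRL (constructed data, not a real CA's output).
    version: raw INTEGER value or None for an absent element.
    critical: True/False adds one issuingDistributionPoint extension with that
    critical flag; None adds no crlExtensions at all."""
    alg = encode(TAG_SEQUENCE, encode(TAG_OID, OID_SHA256_RSA))
    issuer = encode(TAG_SEQUENCE, encode(TAG_SET, encode(TAG_SEQUENCE,
             encode(TAG_OID, OID_COMMON_NAME) + encode(TAG_UTF8, b"Example CA"))))
    tbs = b"" if version is None else encode(TAG_INTEGER, bytes([version]))
    tbs += alg + issuer + encode(TAG_UTCTIME, b"001003000000Z")
    if critical is not None:
        ext = encode(TAG_OID, OID_ISSUING_DP)
        if critical:
            ext += encode(TAG_BOOLEAN, b"\xff")
        ext += encode(TAG_OCTET_STRING, encode(TAG_SEQUENCE, b""))   # empty IDP body
        tbs += encode(TAG_CTX0, encode(TAG_SEQUENCE, encode(TAG_SEQUENCE, ext)))
    dummy_sig = encode(TAG_BIT_STRING, b"\x00" + bytes(8))           # placeholder, not a signature
    return encode(TAG_SEQUENCE, encode(TAG_SEQUENCE, tbs) + alg + dummy_sig)


if __name__ == "__main__":
    for label, crl in [("v2 + critical ext", build_crl(1, True)),
                       ("no version, critical ext", build_crl(None, True)),
                       ("v2 but no critical ext", build_crl(1, None)),
                       ("no version, no extensions", build_crl(None, None))]:
        print(label, "->", check_crl_version(crl))
```

The check implements exactly the X.509 text quoted in the message. Note that the later IETF profile (RFC 5280, section 5.1.2.1) is stricter: there the version element MUST be present and MUST be v2 whenever any extension is used, critical or not, so a CRL that passes this check with a non-critical extension and no version element would still be rejected by an RFC 5280 validator.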