- From: <tgindin@us.ibm.com>
- Date: Tue, 3 Oct 2000 19:20:19 -0400
- To: "Carl Wallace" <cwallace@erols.com>
- cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>, w3c-ietf-xmldsig@w3.org
To avoid confusing anybody on the applicability of v1 CRL's, the best wording is something like "CRL's as defined in X.509v3" which covers both v1 and v2 CRL's.

Tom Gindin


"Carl Wallace" <cwallace@erols.com> on 10/03/2000 12:24:07 PM

To:       Tom Gindin/Watson/IBM@IBMUS, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
cc:       "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>, <w3c-ietf-xmldsig@w3.org>
Subject:  Re: Very minor comment in the spec.

The text should not specify a version number. X.509 mandates that CRLs having no critical extensions also have no version number. From X.509 section 11.2:

"If any extensions included in a CertificateList are defined as critical, the version element of the CertificateList shall be present. If no extensions defined as critical are included, the version element shall be absent."

Elsewhere it is stated that when the version number is present it must be set to two. Requiring CRLs with version number equal to two requires the presence of a critical extension.

Carl Wallace

----- Original Message -----
From: <tgindin@us.ibm.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>; <w3c-ietf-xmldsig@w3.org>
Sent: Tuesday, October 03, 2000 10:56 AM
Subject: Re: Very minor comment in the spec.

> The CRL variant defined in X.509v3 is version 2 of the X.509 CRL data
> structure. There is no version 3 of this data structure AFAIK. That
> syntax could be plausibly referred to as "version 2 X.509 CRL's" because
> its version number is 2, or as "X.509v3 CRL's" after the spec in which it
> seems to have been first published. "X.509v2 CRL's" is an apparent
> mistranscription of "X.509 v2 CRL's" (as used in RFC 2459) with the space
> indicating the structure version rather than the spec version. The
> simplest description is actually "the X.509 CRL format with extensions".
> Does anybody care which of these descriptions is used in our spec?
>
> Tom Gindin
>
>
> "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 10/03/2000
> 08:29:35 AM
>
> Sent by: w3c-ietf-xmldsig-request@w3.org
>
>
> To: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> cc: w3c-ietf-xmldsig@w3.org
> Subject: Re: Very minor comment in the spec.
>
>
>
> I don't think there is any significant use of other than v3 these days.
>
> Donald
>
> From: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> To: w3c-ietf-xmldsig@w3.org
> Cc: kawatura@bisd.hitachi.co.jp
> In-Reply-To: <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> References: <200009280812.RAA10090@ns.trl.ibm.com>
> <200009290127.KAA26690@ns.trl.ibm.com>
> <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> Message-Id: <20001003183030K.kawatura@bisd.hitachi.co.jp>
> Date: Tue, 03 Oct 2000 18:30:30 +0900 (JST)
>
> >I have a very minor comment in the spec.
> >###
> >4.4.4 The X509Data Element
> >
> > 5. The X509CRL element, which contains a Base64-encoded X.509v2
> >                                                          ^^^^^^^
> > certificate revocation list (CRL).
> >###
> >
> >X.509v3 is better though we can also contain a Base64-encoded X.509v2
> >CRL in the X509CRL...
> >
> >----
> >Yoshiaki Kawatsura : E-mail kawatura@bisd.hitachi.co.jp
> > Business Solution Systems Division, Hitachi,Ltd.
> >Voice: +81-44-549-1713(direct) Fax: +81-44-549-1721
> >
> >
Received on Tuesday, 3 October 2000 19:21:02 UTC
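The rule Carl Wallace quotes from X.509 section 11.2 (version element present exactly when a critical extension is present, and then equal to v2) is easy to get wrong in a CRL consumer. The following is an added example, not code from this thread or from the XML Signature project: a minimal DER walker that reads a TBSCertList and reports where a CRL disagrees with that rule. The DER encoder, the issuer name ("Example CA"), the dates and the extension payloads are all constructed here for illustration; the OIDs are the real ones for sha256WithRSAEncryption, commonName, cRLNumber and issuingDistributionPoint. The check implements the X.509 text exactly as quoted; note that the PKIX profile in RFC 2459, which Tom Gindin cites, is stricter and requires version 2 whenever any extension (critical or not) is present.

```python
"""Check the X.509 11.2 rule on the CRL version element against hand-built TBSCertList DER."""


def _der_len(n):
    # DER length octets: short form below 128, else 0x80|count followed by big-endian length
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def seq(*items):
    return der(0x30, b"".join(items))


def integer(n):
    # Only small non-negative values are needed here (the CRL version: v1 == 0, v2 == 1).
    return der(0x02, bytes([n]))


def oid(dotted):
    # OBJECT IDENTIFIER: first two arcs fold into one byte, the rest are base-128 groups
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def parse_tlv(buf, pos):
    """Return (tag, content, position after this TLV); handles short and long lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def extension(ext_oid, critical, value):
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    # DER omits a BOOLEAN equal to its DEFAULT, so critical=FALSE is never encoded.
    parts = [oid(ext_oid)]
    if critical:
        parts.append(der(0x01, b"\xff"))
    parts.append(der(0x04, value))
    return seq(*parts)


def tbs_certlist(version=None, extensions=None):
    """Constructed TBSCertList (no signature wrapper); version is the raw INTEGER value."""
    parts = []
    if version is not None:
        parts.append(integer(version))
    parts.append(seq(oid("1.2.840.113549.1.1.11")))                 # signature: sha256WithRSAEncryption
    issuer_rdn = der(0x31, seq(oid("2.5.4.3"), der(0x13, b"Example CA")))  # CN=Example CA (constructed)
    parts.append(seq(issuer_rdn))                                   # issuer Name
    parts.append(der(0x17, b"001003000000Z"))                       # thisUpdate, UTCTime (constructed)
    parts.append(der(0x17, b"001103000000Z"))                       # nextUpdate
    if extensions is not None:
        parts.append(der(0xA0, seq(*extensions)))                   # crlExtensions [0] EXPLICIT Extensions
    return seq(*parts)


def check_version_rule(tbs):
    """Return the list of X.509 11.2 violations found in a TBSCertList (empty == consistent)."""
    _, body, _ = parse_tlv(tbs, 0)
    version = None
    pos = 0
    tag, content, nxt = parse_tlv(body, pos)
    if tag == 0x02:                       # optional leading INTEGER is the version element
        version = int.from_bytes(content, "big")
        pos = nxt
    has_critical = False
    while pos < len(body):                # signature, issuer, dates, revokedCertificates, [0] extensions
        tag, content, pos = parse_tlv(body, pos)
        if tag != 0xA0:
            continue
        _, exts, _ = parse_tlv(content, 0)   # Extensions ::= SEQUENCE OF Extension
        p = 0
        while p < len(exts):
            _, ext, p = parse_tlv(exts, p)
            _, _, q = parse_tlv(ext, 0)      # skip extnID
            t, c, _ = parse_tlv(ext, q)      # either the critical BOOLEAN or extnValue
            if t == 0x01 and c != b"\x00":
                has_critical = True
    problems = []
    if has_critical and version is None:
        problems.append("critical extension present but version element absent")
    if not has_critical and version is not None:
        problems.append("version element present but no critical extension")
    if version is not None and version != 1:
        problems.append("version element present but not v2 (INTEGER 1)")
    return problems


if __name__ == "__main__":
    idp = extension("2.5.29.28", True, b"\x30\x00")   # issuingDistributionPoint, critical, empty SEQUENCE
    print(check_version_rule(tbs_certlist()))                              # []
    print(check_version_rule(tbs_certlist(extensions=[idp])))              # missing version element
```

Running the module prints an empty list for the bare v1-style CRL and one violation for a CRL that carries a critical extension without the version element. A consumer that hard-codes "version must be 2" would reject the first, which is exactly the interoperability concern raised in the thread.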