CRL like extensions from Donald E. Eastlake 3rd on 2001-01-22 (w3c-ietf-xmldsig@w3.org from January to March 2001)

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Mon, 22 Jan 2001 11:51:56 -0500
To: w3c-ietf-xmldsig@w3.org
cc: lde008@dma.isg.mot.com
Message-Id: <200101221651.LAA0000041403@torque.pothole.com>

Hi,

Thinking about this a bit more, I think there is a need for the
ability to add new items inside X509DataType at the same level as
X509CRL.  I base this on the experience of SET, probably the strongest
attempt so far to really design a system with multiple levels of
Certification Authority that actually uses CRLs, etc.  SET found it
necessary to define a new object, the BrandCRLIdentifier, which is as
the same level as a CRL.  (See Secure Electronic Transaction
Specification, Book 2: Programmer's Guide, Part II Certificate
Management, Chapter 5 Certification Revocation List and
BrandCRLIdenftifier, <http://www.setco.org/download.html>.)

Thanks,
Donald

=====================================================================
 Donald E. Eastlake 3rd                      dee3@torque.pothole.com
 155 Beaver Street                                +1 508-634-2066(h)
 Milford, MA 01757 USA                            +1 508-261-5434(w)

Received on Monday, 22 January 2001 11:51:54 UTC