To simplify the process of C509 native CRLs, what about extracting some
extensions from the 'extensions' field and assigning explicit fields for
such extensions?
1. CRL extensions 'CRL number' and 'AuthorityKeyIdentifier':
TBSCertificateSigningRequest = (
C509CertificateRevocationListType: int,
issuer: Name,
thisUpdate: Time,
nextUpdate: Time,
**crlNumber: ~biguint,** ;new field
**AuthorityKeyIdentifier: ~bstr,**; new field
revokedCertificates: RevokedCertificates,
crlExtensions: Extensions, ; all extensions except CRLNumber and
AuthorityKeyIdentifier
issuerSignatureAlgorithm: AlgorithmIdentifier,
)
2. CRL entry extension 'crlReason':
RevokedCertificates = [
userCertificate: CertificateSerialNumber,
revocationDate: Time,
**crlReason: ~uint,**; new field
crlEntryExtensions: Extensions, ; all extensions except crlReason.
]
BR/
Lijun Liao
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
