I wrote, On 2009-01-12 15:08 PST: > Eddy Nigg wrote, On 2009-01-12 14:51: >> On 01/13/2009 12:37 AM, Julien R Pierre - Sun Microsystems: >>> I agree. The person who wrote that page must have misunderstood the >>> meaning of the CRL Issuing Distribution Points extension. This extension >>> is required to be critical in RFC 3280 and 5280 for good reason - it >>> defines the scope of the CRL. Unless the client software understands the >>> scope, the CRL is meaningless to it. It should not be confused with a >>> full CRL. > > I don't know that the presence of a CIDP necessary means that the CRL is > not a full CRL. The original comment arose in the context of a CA that > was putting CIDP into their full CRLs. > >> I think this was Kathleen, however based on comments from here. As I >> understood (from Nelson), CRLs with critical CIDP extension fail to load >> properly with NSS. Is this correct? > > Yes. And that's appropriate for partial CRLs.
I updated that portion of the page. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
