I'm assuming that in the above scenario, the sub-root CA, and not the root CA, signs the CRL with its private key. I believe that this is correct.
It's valid. There are other ways. See RFC3280 section 4.2.1.4 and 5 for more info about CRL issuer and delegation.
Also, a given CA may have multiple private keys, used to sign different objects. This would lead to multiple CA certs with different extendedkeyusage .
Now, our server is using the CRL from the sub-root CA for checking for client certificate revocation. But, in order to check the signature of the CRL from the sub-root CA, doesn't the server need the sub-root CA's certificate?
Yes. And it also needs it to verify the signature on the client certificates, well before it gets to verifying the CRL.
I guess that "where I am" is that I'm coming close to the conclusion that the server is not checking the CRL signature, but I keep wondering if there may some other possible way that the server could be getting the public key of the sub-root CA for doing CRL signature checking?
That's entirely dependent on your server implementation and there is too much speculation possible. Is it an NSS-based server (ie. Netscape or Sun server product ?)
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
