Massimiliano Pala wrote:
Do you have a plan to support CDP-based CRL download?

I have been working on this, but the problem is that the CDP points to
the issuer's CRL. This means that if rootCA issues CA1, the CDP in CA1
will carry URI for downloading the rootCA's CRL, not the CA1's one.

Probably this could be used for rootCAs where Issuer=Subject....

Does anyone use the CDP on rootCA ?

Another point, probably for this purpose we could use the:

        SubjectInformationAccess

in the CA1 certificate, but this could point to either CRL or cert
repositories... and there is no way to actually figure out which you
are pointing at because only one OID is used to identify both.

Does anyone use the SubjectInformationAccess in their CAs? What do you
put in there?

Let me know,

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]      [EMAIL PROTECTED]
                                                Tel.:   +39 (0)11  564 7081
http://security.polito.it                       Fax:    +39   178  270 2077
                                                Mobile: +39 (0)347 7222 365

Politecnico di Torino (EuroPKI)
Certification Authority Informations:

Authority Access Point                                  http://ca.polito.it
Authority's Certificate:          http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List:              http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
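
The CDP behaviour described in the message above, as an added example that is not part of the original e-mail or of OpenCA's code. It assumes the Python `cryptography` package; the URI, the validity dates and the in-memory `REPO` dictionary (standing in for the HTTP download) are constructed for illustration, while `rootCA` and `CA1` are the names used in the message.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

T0 = datetime.datetime(2024, 1, 1)            # constructed validity start
ROOT_CRL_URI = "http://ca.example/root.crl"   # constructed URI

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca_cert(subject, subject_key, issuer, issuer_key, cdp_uri=None):
    b = (x509.CertificateBuilder()
         .subject_name(name(subject)).issuer_name(name(issuer))
         .public_key(subject_key.public_key())
         .serial_number(x509.random_serial_number())
         .not_valid_before(T0).not_valid_after(T0 + datetime.timedelta(days=365))
         .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True))
    if cdp_uri:  # a CDP in the subject's certificate names the issuer's CRL
        dp = x509.DistributionPoint([x509.UniformResourceIdentifier(cdp_uri)], None, None, None)
        b = b.add_extension(x509.CRLDistributionPoints([dp]), critical=False)
    return b.sign(issuer_key, hashes.SHA256())

def make_crl(issuer, issuer_key):
    return (x509.CertificateRevocationListBuilder().issuer_name(name(issuer))
            .last_update(T0).next_update(T0 + datetime.timedelta(days=7))
            .sign(issuer_key, hashes.SHA256()))

def cdp_uris(cert):
    try:
        ext = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints)
    except x509.ExtensionNotFound:
        return []
    return [gn.value for dp in ext.value for gn in (dp.full_name or [])
            if isinstance(gn, x509.UniformResourceIdentifier)]

def crl_for(cert, repo):
    """Fetch the CRL named by cert's CDP; repo stands in for the HTTP download."""
    uris = cdp_uris(cert)
    return x509.load_der_x509_crl(repo[uris[0]]) if uris else None

root_key, ca1_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
root_cert = make_ca_cert("rootCA", root_key, "rootCA", root_key)  # no CDP on the root
ca1_cert = make_ca_cert("CA1", ca1_key, "rootCA", root_key, ROOT_CRL_URI)
REPO = {ROOT_CRL_URI: make_crl("rootCA", root_key).public_bytes(serialization.Encoding.DER)}
crl = crl_for(ca1_cert, REPO)  # the CRL reached through CA1's CDP
print("CRL issuer:", crl.issuer.rfc4514_string())
print("verifies with rootCA key:", crl.is_signature_valid(root_cert.public_key()))
print("verifies with CA1 key:", crl.is_signature_valid(ca1_cert.public_key()))
```

The CRL reached through CA1's CDP is issued and signed by rootCA, so it answers whether CA1's own certificate is revoked and says nothing about certificates that CA1 has issued.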
