> > At least Netscape 4.nn however requires mime type
> > "application/x-pkcs7-crl" together with a DER formatted crl, as in
openssl
> > crl. It will refuse a pkcs7 crl, at least in DER Format.
> >
> > Is Netscape just horribly wrong or what is the defined crl format for
> > "application/x-pkcs7-crl"?
> >
>
> The Nestcape format is AFAIK not officially documented anywhere. I only
> saw that MIME type in a dark corner of one of the online manuals to some
> version of NS certificate server and did some experiments with it. I
> could only get a DER encoded CRL to work.
But the question is rather: is the "application/x-pkcs7-crl" officially
documented somewhere or is this a netscape specific mime type. At least
apache/mod_ssl uses it as well for crls:
AddType application/x-pkcs7-crl .crl
My problem is that I have to provide crls and get quite unsure what format
to deliver to which client using which mime type, so I would welcome if
there was a definition what a x-pkcs7-crl really is supposed to be. I can
always have a workaround for non-standard clients, but it would be nice to
at least have a standard as the default:
Outlook Express/2000 and IE5 accept a DER CRL as application/pkix-crl.
Netscape accepts a DER CRL as application/x-pkcs7-crl.
Verisign CRL Distribution Point delivers a DER CRL as
application/pkix-crl.
Is there anywhere a definition what these mime types are supposed to
contain?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
