May I respectfully suggest the following updates?

I see the meaning as quite clear, but if you would like me to explain - please let me know.


in 3.9.5

   The distributionPoint MUST contain general names, and MUST NOT
   contain a nameRelativeToCRLIssuer.  The type of the general name MUST
   be of type URI.  In this profile, the scope of the CRL is specified
   to be all certificates issued by this issuer.  The sequence of
   distributionPoint values MUST contain only a single
   DistributionPointName set.  The DistributionPointName set MAY contain
   more than one URI value.  An RSYNC URI MUST be present in the
   DistributionPointName set, and reference the most recent instance of
   this issuer's certificate revocation list.  Other access form URIs
   MAY be used in addition to the RSYNC URI. If there is more than one
   URI in the sequence, then the order of the URIs in the sequence
   SHALL be interpreted as the publisher's relative preference for
   supporting retrieval mechanism services, with the first URI in
   the sequence being the most preferred service.

in 3.9.6

   This profile uses a URI form of object identification.  The preferred
   URI access mechanism is "rsync", and an RSYNC URI MUST be specified
   with an accessMethod value of id-ad-caIssuers.  The URI MUST
   reference the point of publication of the certificate where this
   issuer is the subject (the issuer's immediate superior certificate).
   Other access method URIs referencing the same object MAY also be
   included in the value sequence of this extension. If there is more than one
   URI in the sequence, then the order of the URIs in the sequence
   SHALL be interpreted as the publisher's relative preference for
   supporting retrieval mechanism services, with the first URI in
   the sequence being the most preferred service.

in 3.9.7

   This profile uses a URI form of location identification.  The
   preferred URI access mechanism is "rsync", and an RSYNC URI MUST be
   specified, with an access method value of id-ad-caRepository when the
   subject of the certificate is a CA.  The RSYNC URI must reference an
   object collection rather than an individual object and MUST use a
   trailing '/' in the URI.  Other access method URIs that reference the
   same location MAY also be included in the value sequence of this
   extension.  If there is more than one URI in the sequence, then the
   order of the URIs in the sequence SHALL be interpreted as the
   publisher's relative preference for supporting retrieval mechanism
   services, with the first URI in the sequence being the most preferred
   service.

Cheers
Terry
--
Terry Manderson                         email:      [EMAIL PROTECTED]
Network Operations Manager, APNIC       sip:    [EMAIL PROTECTED]
http://www.apnic.net                    phone:      +61 7 3858 3100
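
Added example, not part of the original message or of the draft: a relying-party sketch of the proposed text, which checks that an rsync URI is present (with a trailing '/' for id-ad-caRepository) and then takes the first URI in sequence order whose scheme it supports. The function names, the host and the paths are hypothetical, and applying the trailing '/' check to every rsync URI in the sequence is an assumption.

```python
from urllib.parse import urlsplit


class ProfileError(ValueError):
    """URI sequence does not satisfy the proposed profile text."""


def check_sequence(uris, collection=False):
    """Validate the URI values of one extension, in encoded order.

    collection=True applies the 3.9.7 rule for id-ad-caRepository:
    the rsync URI names an object collection and ends with '/'.
    """
    if not uris:
        raise ProfileError("no URI present")
    rsync = [u for u in uris if urlsplit(u).scheme.lower() == "rsync"]
    if not rsync:
        raise ProfileError("an rsync URI MUST be present")
    if collection:
        for u in rsync:
            if not urlsplit(u).path.endswith("/"):
                raise ProfileError("rsync URI lacks trailing '/': " + u)
    return list(uris)


def select_uri(uris, supported, collection=False):
    """Return the publisher's most preferred URI that we can retrieve.

    Sequence order is the publisher's preference, first is most preferred;
    `supported` is the set of schemes this relying party implements.
    """
    for u in check_sequence(uris, collection):
        if urlsplit(u).scheme.lower() in supported:
            return u
    return None


# Constructed sample values (hypothetical host and paths).
SIA_CA_REPOSITORY = [
    "https://rpki.example.net/repo/ca1/",
    "rsync://rpki.example.net/repo/ca1/",
]

if __name__ == "__main__":
    print(select_uri(SIA_CA_REPOSITORY, {"rsync", "https"}, collection=True))
    print(select_uri(SIA_CA_REPOSITORY, {"rsync"}, collection=True))
```

A sequence that fails the check is rejected before any preference is applied, so a non-rsync URI listed first cannot stand in for the mandatory rsync URI.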

