
Re: CRL Distribution Mechanism Evaluation and Considerations



Franklin Lee wrote:
> 
> >You don't have to secure the transport of CRLs with e.g. SSL
> >because the CRL
> >1. contains public data (serial numbers of revoked certs).
> >2. is also a certificate issued by the CA => non repudiation is already
> >guaranteed by the CA's signature.
> 
> Yet, will the considerations be different for the following cases:
> a) CA <-> CA
> b) CA Server <-> Client

???

Of course, the validity of self-signed CA certs has to be checked by
any entity (no matter if client, server, other CA) using the CA cert by
checking the fingerprint out-of-band.

But this is getting off-topic in this forum...

Ciao, Michael.
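
The two checks discussed in this message, as an added example that is not part of the original thread: a CRL fetched over an unprotected channel is accepted only if the CA certificate matches a fingerprint obtained out-of-band and the CA's signature on the CRL verifies. It assumes the Python `cryptography` package; the CA name, serial numbers and helper names are constructed for the demonstration.

```python
# Added example (not from the thread). CA name, serials and dates are constructed.
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

DER = serialization.Encoding.DER
NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Demo CA")])

def make_ca():
    """Create a throwaway self-signed CA; returns (private key, cert DER)."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = dt.datetime.now(dt.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(NAME).issuer_name(NAME)
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(now).not_valid_after(now + dt.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert.public_bytes(DER)

def make_crl(key, serials):
    """Issue a CRL listing the given revoked serial numbers; returns DER."""
    now = dt.datetime.now(dt.timezone.utc)
    b = (x509.CertificateRevocationListBuilder().issuer_name(NAME)
         .last_update(now).next_update(now + dt.timedelta(days=7)))
    for s in serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                .serial_number(s).revocation_date(now).build())
    return b.sign(key, hashes.SHA256()).public_bytes(DER)

def check_crl(crl_der, ca_der, pinned_sha256):
    """Accept a CRL from an untrusted channel only if the CA cert matches the
    out-of-band fingerprint and the CA's signature on the CRL verifies."""
    ca = x509.load_der_x509_certificate(ca_der)
    if ca.fingerprint(hashes.SHA256()) != pinned_sha256:
        return "untrusted-ca"
    crl = x509.load_der_x509_crl(crl_der)
    if crl.issuer != ca.subject or not crl.is_signature_valid(ca.public_key()):
        return "bad-signature"
    return sorted(r.serial_number for r in crl)

def demo():
    key, ca_der = make_ca()
    pin = x509.load_der_x509_certificate(ca_der).fingerprint(hashes.SHA256())
    crl = make_crl(key, [0x1234])
    # Constructed in-transit modification: one bit of the listed serial changes.
    tampered = crl.replace(b"\x02\x02\x12\x34", b"\x02\x02\x12\x35", 1)
    _, other_ca = make_ca()  # same subject name, different key
    return (check_crl(crl, ca_der, pin), check_crl(tampered, ca_der, pin),
            check_crl(crl, other_ca, pin))
```

The third case shows why the fingerprint check matters: a self-signed certificate with the same subject name but a different key is rejected before any signature is evaluated.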