pkix-5----Page:10

CRL checking (cache)
Extract from draft-ietf-pkix-rfc3280bis-01.txt:
« This algorithm assumes that all of the needed CRLs are available in a local cache. Further, if the next update time of a CRL has passed, the algorithm assumes a mechanism to fetch a current CRL and place it in the local CRL cache. »
If the cache contains an old CRL (which is a “needed CRL”) that lists the serial number (SN) of the target certificate, the algorithm currently returns “UNDETERMINED” instead of “REVOKED”.
If the cache contains two valid CRLs, the most recent one is not necessarily used, so the algorithm may return “NOT_REVOKED” instead of “REVOKED”.



The algorithm needs to be modified to take these two cases into account.
[Figure: timeline showing CRL 0, CRL 1 and CRL 2 relative to the current time]
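
The two cases above, as an added Python example that is not part of the slide or the draft: `naive_status` is a simplified model of the behaviour the slide criticises, and `cache_aware_status` is one possible modification. The `CachedCRL` class, both function names, and the sample dates and serial number are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class CachedCRL:
    """Hypothetical model of a cached CRL whose signature and scope were already checked."""
    this_update: datetime
    next_update: datetime
    revoked: frozenset

def _verdict(crl, serial):
    return "REVOKED" if serial in crl.revoked else "NOT_REVOKED"

def naive_status(cache, serial, now):
    """Simplified model of the criticised behaviour: first unexpired CRL in cache order wins."""
    for crl in cache:
        if crl.this_update <= now < crl.next_update:
            return _verdict(crl, serial)
    return "UNDETERMINED"

def cache_aware_status(cache, serial, now):
    """One possible fix (assumption): newest current CRL wins; a stale listing still counts."""
    issued = [c for c in cache if c.this_update <= now]
    current = [c for c in issued if now < c.next_update]
    if current:
        return _verdict(max(current, key=lambda c: c.this_update), serial)
    # No current CRL: a serial listed on a stale CRL is treated as revoked.
    # Assumption: certificateHold releases are not modelled here.
    if any(serial in c.revoked for c in issued):
        return "REVOKED"
    return "UNDETERMINED"

# Constructed sample data (not taken from the slide's figure).
T0 = datetime(2006, 1, 1)
day = timedelta(days=1)
SERIAL = 0x1234
STALE_ONLY = [CachedCRL(T0, T0 + 7 * day, frozenset({SERIAL}))]
TWO_VALID = [CachedCRL(T0, T0 + 10 * day, frozenset()),
             CachedCRL(T0 + 5 * day, T0 + 15 * day, frozenset({SERIAL}))]

if __name__ == "__main__":
    for name, cache, now in [("stale only", STALE_ONLY, T0 + 8 * day),
                             ("two valid", TWO_VALID, T0 + 7 * day)]:
        print(name, naive_status(cache, SERIAL, now), cache_aware_status(cache, SERIAL, now))
```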