pkix-5----Page:13
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
|
Indirect CRLs (5.3.4 Certificate Issuer) Extract from: draft-ietf-pkix-rfc3280bis-01.txt : “When present, the certificate issuer CRL entry extension includes one or more names from the issuer field and/or issuer alternative name extension of the certificate that corresponds to the CRL entry”. Extract from: draft-ietf-pkix-rfc3280bis-01.txt (4.2.1.14 CRL Distribution Points) : “The cRLIssuer identifies the entity who signs and issues the CRL. If present, the cRLIssuer MUST contain at least one an X.500 distinguished name (DN), and MAY also contain other name forms”. In section “4.2.1.7 Issuer Alternative Name” there is no requirement for uniqueness of IssuerAltName. It is getting worse with name collisions ! Please suppress “and/or issuer alternative name extension” . |