Delegated CRLs and Indirect CRLs Santosh : « If you want to propose a single delegated CRL, this must be done via a new extension or show how existing implementations can stay compliant with it ». Response: Delegated CRLs may be supported without a new extension, by preserving backward compatibility (?). If a CRL Issuer (that is not a CA) inserts an IDP CRL extension, but only “works” for a single CA, RP software MAY work using the existing algorithm, and MAY use a simpler piece of code. Benefits: a simple piece of Relying Party code to support the simple case where a CRL Issuer is only “working” for one CA. |