Michael Bell wrote:
>
> Hi,
Hi,
> can I store the normal CRL in the attribute authorityRevocationList of
> the LDAP too and if I have to revoke a certificate or ca-certificate I
> store the CRL in both attributes (authorityRevocationList and
> certificateRevocationList).
>
> The difference between both CRLs is that the revocation via the
> authorityRevocationList revokes all certificates which are signed with
> this certificate. This is no problem for a user certificate because no
> other certificates are affected but is it really allowed or does this
> solution cause serious problems?
>
> Any ideas?
I think that we, at this stage, should use only certificateRevocationList
as we currently do not separate management for subCAs and normal certificates.
Indeed we need extension management for this... :-D Somewhere in 1.1 version,
I guess...
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365