"Salz, Rich" wrote:
> Very very bad idea. There are various alternative ways of getting fast
> online status; OCSP is one. Valicert has a cute patenteded data structure
> called CRT's that can be effective. Entrust has a way of "delegating" CRL's
> that might work.
Sorry, I'm not looking for patented or proprietary solutions, I was wondering
if my problem could be solved by standards. At last I decided that the only
way of generating such informations would be having an OCSP reponder that
gives revoked the suspended certificate with, in exts, reason set to
certificateHold ...
> Look around. Don't invent a new mechanism; it is not needed.
That was my porpouse... :-D
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature