Eddy Nigg wrote, On 2009-01-12 14:51: > On 01/13/2009 12:37 AM, Julien R Pierre - Sun Microsystems: >> I agree. The person who wrote that page must have misunderstood the >> meaning of the CRL Issuing Distribution Points extension. This extension >> is required to be critical in RFC 3280 and 5280 for good reason - it >> defines the scope of the CRL. Unless the client software understands the >> scope, the CRL is meaningless to it. It should not be confused with a >> full CRL.
I don't know that the presence of a CIDP necessary means that the CRL is not a full CRL. The original comment arose in the context of a CA that was putting CIDP into their full CRLs. > I think this was Kathleen, however based on comments from here. As I > understood (from Nelson), CRLs with critical CIDP extension fail to load > properly with NSS. Is this correct? Yes. And that's appropriate for partial CRLs. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
