http://www.ietf.org/id/draft-hamilton-cmr-00.txt
Basic overview:
1) Import CRLv2 and all semantics.
2) Change the integer identifying the sequence format from 1 to 3 (v4).
3) Change default processing path to INVALID/REVOKED.
4) Place all potentially-valid (i.e., issued certificates which have not
expired) certificates in a non-delta CRL with removeFromCrl as the reasonCode.
This should be very easy to implement. It should also be very easy to
implement a whitelist-fed OCSP responder which can be shared with CAs who need
such. (return REVOKED unless it's on the whitelist with removeFromCrl.)
-Kyle H
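
The lookup rule described in the post, as an added example that is not part of the original message or the draft: it puts CRLv2 default-valid processing beside the proposed default-revoked processing so the difference for an unrecorded serial is visible. All class, function and variable names are hypothetical, the sample lists are constructed, and failing closed on conflicting duplicate entries is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

REMOVE_FROM_CRL = 8   # CRLReason removeFromCRL (RFC 5280)
V2_BLACKLIST = 1      # version integer carried by a CRLv2
V4_WHITELIST = 3      # version integer the post proposes ("v4")


@dataclass(frozen=True)
class Entry:
    serial: int
    reason: Optional[int] = None


@dataclass(frozen=True)
class RevocationList:
    version: int
    entries: Tuple[Entry, ...]


def status(lst: RevocationList, serial: int) -> str:
    """Return 'good' or 'revoked' for one serial under the list's semantics."""
    reasons = [e.reason for e in lst.entries if e.serial == serial]
    if lst.version == V2_BLACKLIST:
        # CRLv2: default path is valid; being listed at all means revoked.
        return "revoked" if reasons else "good"
    if lst.version == V4_WHITELIST:
        # Proposed: default path is revoked; only a removeFromCrl entry makes
        # a serial good. Conflicting duplicates fail closed (assumption).
        ok = bool(reasons) and all(r == REMOVE_FROM_CRL for r in reasons)
        return "good" if ok else "revoked"
    raise ValueError(f"unsupported list version {lst.version}")


def ocsp_answers(whitelist: RevocationList, serials) -> dict:
    """Whitelist-fed responder: one answer per queried serial."""
    if whitelist.version != V4_WHITELIST:
        raise ValueError("responder must be fed a whitelist-format list")
    return {s: status(whitelist, s) for s in serials}


# Constructed sample data: 0x1001 is issued and unexpired, 0x1002 was revoked
# for keyCompromise (1), 0xDEAD was never recorded by the CA.
CRL_V2 = RevocationList(V2_BLACKLIST, (Entry(0x1002, 1),))
WHITELIST = RevocationList(V4_WHITELIST, (Entry(0x1001, REMOVE_FROM_CRL),))

if __name__ == "__main__":
    for s in (0x1001, 0x1002, 0xDEAD):
        print(hex(s), status(CRL_V2, s), status(WHITELIST, s))
```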