I'm attempting to gain understanding of CRL extension vagaries in the "real world" (sorry! ;). Associated specs appear a bit broad in interpretation and specialization constraint. Being a "code monkey" droid, I'm wrestling w/ scoping the extension problem space;
(1) Notion of certificates on "hold", as opposed to simply revoked.
(1.a) Certificates delineated in a CRL where the revocation or hold date is 'in the future' relative to the "last update" date of the CRL itself.
(2) Delta CRL(s).
(3) Deferred (where a CRL distributor is specifying status for multiple issuing CA's, potentially compounded by (2) above).
Specific questions: (a) Anyone out there actually doing such? (b) Links to or capture of raw (pem/der) examples of such artifacts?
Thanks in advance - Jay
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
