[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #4 Revised Identity




>   and that's where you find the crl. I don't know. I punt to pkix to decide
> what the "URL" means. I think that there are documents now that tell me
> how to get stuff via HTTP, right?

Yes, and there's also apparently some way to embed URLs pointing to
(multiple) CRL distribution points into certificates.

See RFC 3280, section 4.2.1.14, on CRL Distribution Points.


   The CRL distribution points extension identifies how CRL information
   is obtained.  The extension SHOULD be non-critical, but this profile
   RECOMMENDS support for this extension by CAs and applications.

Russ