Re: Additional Certificate Types to support CRL\ARL
Greg,
> The following applies to the ISAKMP draft version 6 wrt Certificate
> Payloads and X.509 Certificates.
>
> As noted in previous exchanges on this mailing list it would be
> advantageous to be able to send Certificate Revocation Lists (CRL) and
> Authority Revocation Lists (ARL) in ISAKMP Certificate Payloads.
> Allowing X.509 certificates but not the accompanying CRLs\ARLs to be
> exchanged in ISAKMP is of questionable worth. The current definition of
> a Certificate Payload is generic enough to support both user
> certificates and CRLs\ARLs. The only change to the current draft
> necessary to allow the exchange of CRLs\ARLs is the addition of two
> Certificate Types as defined in section 3.9 Certificate Payload on page
> 32.
>
> The types proposed are:
>     X.509 Certificate Revocation List    6
>     X.509 Authority Revocation List      7
>
> If more discussion is required I would like to request that this topic
> be added to the IETF ipsec meeting agenda <if schedule permits etc...>.
I've captured the issue in my presentation for next week. Hopefully it
will generate further discussion.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Douglas Maughan Voice: (301) 688-0847 *
* Technical Director, R23 Fax: (301) 688-0255 *
* National Security Agency E-mail: wdmaugh@tycho.ncsc.mil *
* 9800 Savage Road maughan@cs.umbc.edu *
* Fort Meade, MD. 20755-6000 *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
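
An added example, not part of the original message or the ISAKMP draft: a bounds-checked parser for a Certificate Payload that recognises the two Certificate Type values proposed above, so revocation lists can be routed separately from certificates. The layout (4-octet generic header, then a 1-octet Certificate Type, then the data) is an assumption taken from the later published ISAKMP specification, and all function names are hypothetical.

```python
import struct

# Certificate Type values proposed in the quoted message. Other values are
# left unnamed because the draft's type table is not reproduced on this page.
CERT_TYPE_CRL = 6
CERT_TYPE_ARL = 7
PROPOSED_TYPES = {CERT_TYPE_CRL: "X.509 CRL", CERT_TYPE_ARL: "X.509 ARL"}

# Assumed generic payload header: next payload (1), reserved (1), length (2).
HEADER_LEN = 4


def parse_cert_payload(buf):
    """Parse one Certificate Payload from the start of buf.

    Returns (next_payload, cert_type, cert_data, bytes_consumed).
    Raises ValueError if the declared length does not fit the buffer.
    """
    if len(buf) < HEADER_LEN + 1:
        raise ValueError("truncated: no room for header and type octet")
    next_payload, _reserved, length = struct.unpack("!BBH", buf[:HEADER_LEN])
    # The length field covers header + type octet + data; never trust it
    # beyond what was actually received.
    if length < HEADER_LEN + 1 or length > len(buf):
        raise ValueError("declared length %d does not fit %d received octets"
                         % (length, len(buf)))
    cert_type = buf[HEADER_LEN]
    return next_payload, cert_type, bytes(buf[HEADER_LEN + 1:length]), length


def classify(cert_type):
    """Name the proposed revocation types; everything else is 'other'."""
    return PROPOSED_TYPES.get(cert_type, "other (type %d)" % cert_type)


def build_cert_payload(next_payload, cert_type, data):
    """Helper for constructed samples: encode a payload in the assumed layout."""
    total = HEADER_LEN + 1 + len(data)
    return struct.pack("!BBHB", next_payload, 0, total, cert_type) + data


if __name__ == "__main__":
    # Constructed sample: placeholder octets stand in for a DER-encoded CRL.
    sample = build_cert_payload(0, CERT_TYPE_CRL, b"\x30\x03\x02\x01\x01")
    next_payload, cert_type, data, used = parse_cert_payload(sample)
    print(classify(cert_type), len(data), used)
```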