blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search: CA Responsibilities for CRL Management Connected: An Internet Encyclopedia CA Responsibilities for CRL Management

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1422
Up: 3. Architecture
Up: 3.4 Roles and Responsibilities
Up: 3.4.4 Certification Authorities
Next: 3.5 Certificate Revocation CA Responsibilities for CRL Management CA Responsibilities for CRL Management

As X.500 directory servers become available, CRLs should be maintained and accessed via these servers. However, prior to widespread deployment of X.500 directories, this document adopts some additional requirements for CRL management by CAs and PCAs. As per X.509, each CA is required to maintain a CRL (in the format specified by this document in Appendix A) which contains entries for all certificates issued and later revoked by the CA. Once a certificate is entered on a CRL it remains there until the validity interval expires. Each PCA is required to maintain a CRL for revoked CA certificates within its domain. The interval at which a CA issues a CRL is not fixed by this document, but the PCAs may establish minimum and maximum intervals for such issuance.

As noted earlier, each PCA will provide access to a database containing CRLs issued by the IPRA, PCAs, and all CAs. In support of this requirement, each CA must supply its current CRL to its PCA in a fashion consistent with CRL issuance rules imposed by the PCA and with the next scheduled issue date specified by the CA (see Section 3.5.1). CAs may distribute CRLs to subordinate UAs using the CRL processing type available in PEM messages (see RFC 1421). CAs also may provide access to CRLs via the database mechanism described in RFC 1424 and alluded to immediately above.

Next: 3.5 Certificate Revocation

Connected: An Internet Encyclopedia CA Responsibilities for CRL Management


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609