3.5.2 PEM CRL Format

From RFC 1422, Section 3 (Architecture), Section 3.5 (Certificate Revocation).

Appendix A contains the ASN.1 description of CRLs specified by this document. This section provides an informal description of CRL components analogous to that provided for certificates in Section 3.3.

  1. signature (signature algorithm ID and parameters)

  2. issuer

  3. last update

  4. next update

  5. revoked certificates

The "signature" is a data item completely analogous to the signature data item in a certificate. Similarly, the "issuer" is the DN of the CA which signed the CRL. The "last update" and "next update" fields contain time and date values (UTCT format) which specify, respectively, when this CRL was issued and when the next CRL is scheduled to be issued. Finally, "revoked certificates" is a sequence of ordered pairs, in which the first element is the serial number of the revoked certificate and the second element is the time and date of the revocation for that certificate.

The semantics for this second element are not made clear in X.509. For example, the time and date specified might indicate when a private component was thought to have been compromised, or it may reflect when such compromise was reported to the CA.

For uniformity, this document adopts the latter convention, i.e., the revocation date specifies the time and date at which a CA formally acknowledges a report of a compromise or a change of DN attributes. As with certificates, it is recommended that the UTCT values be of no finer granularity than minutes and that all values be stated in terms of Zulu.
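The following Python example is added here and is not part of RFC 1422: it decodes a DER-encoded CRL body with the five components in the order listed above, accepts only Zulu UTCTime values, and flags revocation dates finer than minutes. The function names, the sample bytes, the two-digit-year pivot and the rule that a CRL at or past its next update is stale are assumptions; the outer signature is neither parsed nor verified.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # yield (tag, value) for each element inside a constructed value
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def parse_utctime(value):
    """Return (datetime, has_seconds). Assumes Python's %y pivot (69-99 -> 19xx)."""
    text = value.decode("ascii")
    if len(text) not in (11, 13) or not text.endswith("Z") or not text[:-1].isdigit():
        raise ValueError(f"UTCTime must be YYMMDDhhmm[ss]Z (Zulu), got {text!r}")
    fmt = "%y%m%d%H%M" if len(text) == 11 else "%y%m%d%H%M%S"
    return datetime.strptime(text[:-1], fmt).replace(tzinfo=timezone.utc), len(text) == 13

def parse_crl_body(der):
    """Decode the signed-over SEQUENCE; the signature itself is not checked here."""
    fields = list(children(read_tlv(der, 0)[1]))
    if der[0] != 0x30 or len(fields) not in (4, 5):
        raise ValueError("expected SEQUENCE of 4 or 5 CRL components")
    crl = {"issuer": fields[1][1], "last_update": parse_utctime(fields[2][1])[0],
           "next_update": parse_utctime(fields[3][1])[0], "revoked": {}}
    for _, entry in (children(fields[4][1]) if len(fields) == 5 else ()):
        (_, serial), (_, when) = children(entry)
        crl["revoked"][int.from_bytes(serial, "big", signed=True)] = parse_utctime(when)
    return crl

def status(crl, serial, now):  # assumed policy: at/after next update the CRL is stale
    fresh = now < crl["next_update"]
    return ("revoked" if serial in crl["revoked"] else "not-listed") if fresh else "crl-stale"

tlv = lambda tag, body: bytes([tag, len(body)]) + body  # sample encoder, lengths < 128
# Constructed sample: issuer O=Example CA, revoked serials 42 and 77 (77 has seconds).
SAMPLE = tlv(0x30,
    tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010102")) + tlv(0x05, b""))
    + tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x0a") + tlv(0x13, b"Example CA"))))
    + tlv(0x17, b"9303011200Z") + tlv(0x17, b"9304011200Z")
    + tlv(0x30, tlv(0x30, tlv(0x02, b"\x2a") + tlv(0x17, b"9302150930Z"))
                + tlv(0x30, tlv(0x02, b"\x4d") + tlv(0x17, b"930220101530Z"))))
```

Each value in `revoked` is a `(revocation date, has_seconds)` pair, so entries that ignore the minutes-granularity recommendation can be reported without being rejected.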
