[cgl_discussion] about the requirement for PKI CA Support
paul.kierstead at alcatel.com
Thu Jun 19 06:29:46 PDT 2003
Zhao, Forrest wrote:
> I'm a bit confused with one of CGL 2.0 requirement: ID 7.3.4 Name
> PKI CA Support
> The requirement says: "Certificate Management/Request protocols are
> not a requirement; CRL Support (Certification Revocation List) is
> We know that CRL support is one component of Certificate Management
> protocols (RFC 2510), how should we understand this contradiction?
> Does this "CRL support" mean that CGL 2.0 only support the publication
> of CRL, not support the creation of CRL?
> If we only support the publication of certificate and CRL in PKI CA, I
> don't think this PKI CA have much use. So I'd like to ask a question:
> what indeed do we want a PKI CA to do in CGL 2.0? Just for the
> publication of certificate and CRL?
You do not need management protocols in order to create a CRL. For
example, a CRL can be created from the command line or a custom GUI. The
certificate management protocols allow a standardized mechanism to
request (and other operations) a certificate from a remote location.
This is not necessary IMO for the rather small PKI required for CGL.
Alcatel Canada - R&I - Security group
600 March Road - Kanata, ON, Canada K2K 2E6
Phone: +1 613 784 3822 Fax: +1 613 784 8944
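
The point made in the reply above, as an added example that is not part of the original message or of the CGL specification: a small local CA issues a certificate, revokes it and publishes a CRL using only the `openssl` command line, with no certificate management protocol involved. The function name `crl_demo`, the subjects, file names and lifetimes are constructed for illustration, and an installed `openssl` binary is assumed.

```shell
# Added example: subjects, file names and lifetimes are constructed.
# A throwaway CA issues a cert, revokes it and publishes a CRL from the CLI.
crl_demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    trap 'rm -rf "$work"' EXIT
    mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    {
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.crt
        openssl req -config ca.cnf -newkey rsa:2048 -nodes \
            -subj "/CN=node1.example" -keyout node.key -out node.csr
        openssl ca -batch -config ca.cnf -notext -in node.csr -out node.crt
    } >/dev/null 2>&1 || exit 1
    check() { openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl node.crt; }
    # The first CRL is empty, so the certificate passes the revocation check.
    openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1 || exit 1
    check >/dev/null 2>&1 && before=OK || before=REJECTED
    # Revoke, regenerate and re-publish the CRL: the same cert is now refused.
    openssl ca -config ca.cnf -revoke node.crt >/dev/null 2>&1 || exit 1
    openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1 || exit 1
    check >/dev/null 2>&1 && after=OK || after=REVOKED
    echo "before=$before after=$after"
)
```

Relying parties only ever need `ca.crt` and the current `ca.crl`; how the CRL file reaches them (file copy, HTTP, LDAP) is a publication choice separate from how it was created.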