[cgl_discussion] about the requirement for PKI CA Support

Paul Kierstead paul.kierstead at alcatel.com
Thu Jun 19 06:29:46 PDT 2003

Zhao, Forrest wrote:

> *I'm a bit confused with one of CGL 2.0 requirement: ID *7.3.4 *Name 
> *PKI CA Support
> 1
> The requirement says: "Certificate Management/Request protocols are 
> not a requirement; CRL Support (Certification Revocation List) is 
> required"
> We know that CRL support is one component of Certificate Management 
> protocols (RFC 2510), how should we understand this contradiction? 
> Does this "CRL support" mean that CGL 2.0 only support the publication 
> of CRL, not support the creation of CRL?
> 2
> If we only support the publication of certificate and CRL in PKI CA, I 
> don't think this PKI CA have much use. So I'd like to ask a question: 
> what indeed do we want a PKI CA to do in CGL 2.0? Just for the 
> publication of certificate and CRL?
You do not need management protocols in order to create a CRL. For 
example, a CRL can be created from the command line or a custom GUI. The 
certificate management protocols allow a standardized mechanism to 
request (and other operations) a certificate from a remote location. 
This is not necessary IMO for the rather small PKI required for CGL.

Paul Kierstead
Alcatel Canada - R&I - Security group
600 March Road - Kanata, ON, Canada K2K 2E6
Phone: +1 613 784 3822 Fax: +1 613 784 8944 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/cgl_discussion/attachments/20030619/a898f2c1/attachment-0001.htm

More information about the cgl_discussion mailing list