AIA in CRLs. Stefan Santesson – Microsoft Russ Housley – Vigil Security. AIA in CRL status report. 5 Issues recorded Solution proposed for each. Issue #1. Denis: CRL issuer certs MUST be issued by the certificate issueing CA
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
AIA in CRLs
Stefan Santesson – Microsoft
Russ Housley – Vigil Security
"When the HTTP scheme is specified, the URI MUST specify the location of a certificate containing file. The file MUST contain either a single binary DER encoded certificate (indicated by the .cer file extension) or one or more certificates encapsulated in a CMS certs-only (PKCS#7) message [ref] (indicated by the .p7c file extension).HTTP server implementations accessed via the URI SHOULD use the appropriate MIME [ref] content-type for the certificate containing file.Specifically, the HTTP server SHOULD use the content-type application/pkix-cert [ref] for a single DER encoded certificate and application/pkcs7-mime [ref] for CMS certs-only (PKCS#7). Consuming clients may use the MIME type and file extension as a hint to the file content, but should not depend solely on the presence of the correct MIME type or file extension in the server response."