cose-wg / CBOR-certificates

To simplify the process of C509 native CRLs #114

Closed highlunder closed 1 year ago

highlunder commented 1 year ago

To simplify the process of C509 native CRLs, what about extracting some extensions from the 'extensions' field and assigning explicit fields for such extensions?

  1. CRL extensions 'CRL number' and 'AuthorityKeyIdentifier':

```cddl
TBSCertificateSigningRequest = (
   C509CertificateRevocationListType: int,
   issuer: Name,
   thisUpdate: Time,
   nextUpdate: Time,
   crlNumber: ~biguint, ; new field
   AuthorityKeyIdentifier: ~bstr, ; new field
   revokedCertificates: RevokedCertificates,
   crlExtensions: Extensions, ; all extensions except CRLNumber and AuthorityKeyIdentifier
   issuerSignatureAlgorithm: AlgorithmIdentifier,
)
```

  2. CRL entry extension 'crlReason':

```cddl
RevokedCertificates = [
   userCertificate: CertificateSerialNumber,
   revocationDate: Time,
   crlReason: ~uint, ; new field
   crlEntryExtensions: Extensions, ; all extensions except crlReason.
]
```

-- Lijun Liao, https://github.com/xipki

highlunder commented 1 year ago

We authors argue that we need to keep the existing encoding, at least if we want to support the compression of existing requests, which is desired.