Internet X.509 Public Key Infrastructure ENHANCED CRL DISTRIBUTION OPTIONS

Document Type Expired Internet-Draft (pkix WG)
Authors Warwick Ford  , Phillip Hallam-Baker 
Last updated 1998-08-11
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This Internet Draft specifies some proposed enhancements to the X.509 CRL mechanism used to determine if a public-key certificate is valid or revoked. These enhancements provide advantages over existing CRL mechanisms, including those that use static CRL partitioning as defined in ISO/IEC 9504-8/ITU-T Rec. X.509. In particular, the mechanisms proposed can: (a) reduce the need for unnecessarily fetching unchanged CRLs, thereby greatly expanding the value of caching CRLs; (b) allow CRL timeliness to be improved; (c) accommodate dynamic partitioning as opposed to fixed partitioning; (d) better support use of certificates in multiple environments with different CRL stores. This document is submitted for consideration as the basis of possible future IETF standardization. Please send comments on this document to the mail list.


Warwick Ford (
Phillip Hallam-Baker (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)