I agree with CRL number should need to keep monotonically increasing.
But what confuses me is that I don’t quite understand “share one” in the following sentence. Can you help me clear up this confusion? Thank you.
"If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."
Russ Housley <housley@xxxxxxxxxxxx> 于2023年12月22日周五 03:54写道:
Tim:
See Section 5.2.3 of RFC 5280: the CRL number is a monotonically increasing sequence number. A bigger number supersedes a smaller one. If the this update field (see Section 5.1.2.4 of RFC 5280) in the two CRLs are not identical, then the CRL numbers MUST be different.
Russ
> On Dec 20, 2023, at 9:36 PM, Tim Lake <zwj2311625065@xxxxxxxxx> wrote:
>
> Hello,
> In RFC 5280, there is the following description:
> "If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."
>
> What does the numbering sequence mean? If the crl number of complete crl is 0x20, assuming there are three corresponding delta crl, then must the crl number of these three delta crl be 0x21, 0x22 and 0x23, or can it also be other sequence of numbers such as 0x25, 0x2a, 0x2f?
