Re: The CRL Number of Complete CRL and Delta CRL

From: ietf <ietf-bounces@xxxxxxxx> on behalf of Tim Lake <zwj2311625065@xxxxxxxxx>
Sent: 22 December 2023 01:09

I agree that the CRL number needs to keep monotonically increasing.

<tp>
I wonder if 'monotonically increasing' is understood.

American mathematicians and European mathematicians disagree on this, with the former being inclined to 'greater than' while the latter mean 'greater than or equal to'.

Being European, I was only taught the latter and raised this on this list and got told that the IETF was American and there was no problem.  This was some time ago.

Except that earlier in 2023, a post suggested that the IETF had it wrong and should use the European flavo(u)r.  I pointed out the history but cannot recall much consensus.  It was suggested that there was not much of it about which I do not agree with.  I was interested to see that in the minds of some in the IETF, the issue was not settled as I assumed it was.

Anyhow, in the context of security, the American approach could be secure when the European one is not so I note the use of the word.  From the context, and the authorship, I think that the American use is intended in RFC 5280.

Tom Petch



But what confuses me is that I don’t quite understand “share one” in the following sentence. Can you help me clear up this confusion? Thank you.
"If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."

Russ Housley <housley@xxxxxxxxxxxx> wrote on Fri, 22 Dec 2023 at 03:54:
Tim:

See Section 5.2.3 of RFC 5280: the CRL number is a monotonically increasing sequence number. A bigger number supersedes a smaller one.  If the this update field (see Section 5.1.2.4 of RFC 5280) in the two CRLs are not identical, then the CRL numbers MUST be different.

Russ

> On Dec 20, 2023, at 9:36 PM, Tim Lake <zwj2311625065@xxxxxxxxx> wrote:
>
> Hello,
> In RFC 5280, there is the following description:
> "If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."
>
> What does the numbering sequence mean? If the crl number of complete crl is 0x20, assuming there are three corresponding delta crl, then must the crl number of these three delta crl be 0x21, 0x22 and 0x23, or can it also be other sequence of numbers such as 0x25, 0x2a, 0x2f?
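
An added example, not part of the original thread or of RFC 5280: a Python check that treats complete and delta CRLs of one issuer and scope as a single numbering sequence and enforces only the two rules quoted above (a bigger number supersedes a smaller one; different thisUpdate means different CRL numbers). The `CrlInfo` record, the function names and the sample data are assumptions constructed for illustration, using the numbers from the question.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class CrlInfo:              # constructed stand-in for a parsed CRL
    kind: str               # "complete" or "delta"
    crl_number: int         # cRLNumber extension value
    this_update: datetime   # thisUpdate field

def check_shared_sequence(crls, strict=True):
    """Check CRLs of one issuer and scope against one numbering sequence.

    Returns (kind, crl_number, highest_earlier_number) for every CRL whose
    number does not supersede all numbers issued at an earlier thisUpdate.
    strict=True reads "monotonically increasing" as "greater than";
    strict=False reads it as "greater than or equal to".
    """
    violations = []
    high = None       # highest number seen at any earlier thisUpdate
    pending = []      # numbers seen at the current thisUpdate
    last_time = None
    for crl in sorted(crls, key=lambda c: c.this_update):
        if crl.this_update != last_time:
            if pending:
                high = max(pending + ([] if high is None else [high]))
            pending, last_time = [], crl.this_update
        if high is not None:
            bad = crl.crl_number <= high if strict else crl.crl_number < high
            if bad:
                violations.append((crl.kind, crl.crl_number, high))
        pending.append(crl.crl_number)
    return violations

def sample(delta_numbers):
    """Constructed data: complete CRL 0x20, then one delta CRL per hour."""
    t0 = datetime(2023, 12, 20)
    deltas = [CrlInfo("delta", n, t0 + timedelta(hours=i + 1))
              for i, n in enumerate(delta_numbers)]
    return [CrlInfo("complete", 0x20, t0)] + deltas

if __name__ == "__main__":
    for numbers in ([0x21, 0x22, 0x23], [0x25, 0x2A, 0x2F], [0x20], [1, 2, 3]):
        print([hex(n) for n in numbers], check_shared_sequence(sample(numbers)))
```

With `strict=False` the delta CRL that reuses 0x20 at a later thisUpdate is accepted, although the rule Russ cites requires the numbers to differ; deltas numbered from a separate counter (1, 2, 3) are flagged under either reading.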