Re: The CRL Number of Complete CRL and Delta CRL

Tim:

Say the base CRL number is 0x2a, and there is a Delta CRL against this base CRL with a number of 0x2e, then applying the delta to the base will yield the same revocation information as the complete CRL with the number of 0x2e.

Russ

On Dec 21, 2023, at 8:09 PM, Tim Lake <zwj2311625065@xxxxxxxxx> wrote:

I agree that the CRL number needs to keep monotonically increasing.
But what confuses me is that I don’t quite understand “share one” in the following sentence. Can you help me clear up this confusion? Thank you.
"If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."

On Fri, Dec 22, 2023 at 03:54, Russ Housley <housley@xxxxxxxxxxxx> wrote:
Tim:

See Section 5.2.3 of RFC 5280: the CRL number is a monotonically increasing sequence number. A bigger number supersedes a smaller one. If the thisUpdate fields (see Section 5.1.2.4 of RFC 5280) in the two CRLs are not identical, then the CRL numbers MUST be different.

Russ

> On Dec 20, 2023, at 9:36 PM, Tim Lake <zwj2311625065@xxxxxxxxx> wrote:
>
> Hello,
> In RFC 5280, there is the following description:
> "If a CRL issuer generates delta CRLs in addition to complete CRLs for a given scope, the complete CRLs and delta CRLs MUST share one numbering sequence."
>
> What does the numbering sequence mean? If the CRL number of the complete CRL is 0x20, assuming there are three corresponding delta CRLs, then must the CRL numbers of these three delta CRLs be 0x21, 0x22 and 0x23, or can they also be another sequence of numbers such as 0x25, 0x2a, 0x2f?
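
The 0x2a / 0x2e case from the thread, as an added example that is not part of the original messages: a simplified in-memory model (no DER parsing or signature checks) of combining a complete CRL with a delta CRL under the RFC 5280 Section 5.2.4 numbering conditions. The `Crl` class, issuer name, serial numbers and reason codes are constructed for illustration, and both CRLs are assumed to have the same scope.

```python
from dataclasses import dataclass, field
from typing import Optional

REMOVE_FROM_CRL = 8  # CRLReason removeFromCRL (RFC 5280, Section 5.3.1)

@dataclass
class Crl:
    # Simplified model (assumption): only the fields that matter for numbering.
    issuer: str
    crl_number: int
    entries: dict = field(default_factory=dict)  # serial -> CRLReason code
    base_crl_number: Optional[int] = None        # set only on delta CRLs

def apply_delta(complete: Crl, delta: Crl) -> Crl:
    """Combine a complete CRL and a delta CRL (RFC 5280, Section 5.2.4)."""
    if complete.base_crl_number is not None or delta.base_crl_number is None:
        raise ValueError("need one complete CRL and one delta CRL")
    if complete.issuer != delta.issuer:
        raise ValueError("issuer mismatch")
    # The complete CRL must be at least as new as the delta's base ...
    if complete.crl_number < delta.base_crl_number:
        raise ValueError("complete CRL is older than the delta's base")
    # ... and the delta must come later in the one shared numbering sequence.
    if complete.crl_number >= delta.crl_number:
        raise ValueError("delta does not follow the complete CRL")
    merged = dict(complete.entries)
    for serial, reason in delta.entries.items():
        if reason == REMOVE_FROM_CRL:
            merged.pop(serial, None)   # hold released or certificate expired
        else:
            merged[serial] = reason    # newly revoked or reason updated
    # The result carries the delta's number: it is equivalent to the
    # complete CRL that would have been issued with that same number.
    return Crl(complete.issuer, delta.crl_number, merged)

# Constructed sample data using the CRL numbers from the thread.
ISSUER = "CN=Example CA"
base_2a = Crl(ISSUER, 0x2A, {1001: 1, 1002: 6})  # 1002 is on hold
delta_2e = Crl(ISSUER, 0x2E, {1002: REMOVE_FROM_CRL, 1003: 1},
               base_crl_number=0x2A)
complete_2e = Crl(ISSUER, 0x2E, {1001: 1, 1003: 1})

if __name__ == "__main__":
    print(apply_delta(base_2a, delta_2e) == complete_2e)
```

Because complete and delta CRLs draw from one sequence, the number alone tells a relying party which complete CRL a base-plus-delta combination is equivalent to, and a delta numbered at or below the cached complete CRL is rejected as stale.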


