Page MenuHome GnuPG

CRL issuingDistributionPoint support
Closed, WontfixPublic

Description

As in https://lists.gnupg.org/pipermail/gnupg-devel/2007-October/024011.html,
asking for support of issuingDistributionPoint (2.5.29.28) in gnupg/dirmngr's CRL
code.

DigiCert's CRLs have this extension and mark it as critical (although it does not
have much useful information), for example
[http://crl3.digicert.com/TERENAPersonalCA3.crl].

Details

Version
2.1.6

Event Timeline

marcus claimed this task.
marcus added a subscriber: marcus.

Digicert TERENAPersonalCA3 doesn't use issuingDistributionPoint anymore. It's hard to survey CRLs that are actually in use, so I don't know if there are other important users, but the fact that nobody else reported such problems is an indication that it is not widely used among dirmngr users. Supporting this is a lot of work, because it makes validating certificates much more complicated, so this is unlikely to happen without strong motivation, so I am closing this here.