Raytheon Company Public Key Infrastructure (PKI) Certificate Policy
Raytheon Company Public Key Infrastructure (PKI) Certificate Policy
Raytheon Company Public Key Infrastructure (PKI) Certificate Policy
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
10.17 Medium Assurance CA CRL Format<br />
Field Value<br />
Version V2<br />
Issuer Signature Algorithm sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or<br />
sha256 WithRSAEncryption {1 2 840 113549 1 1 11}<br />
Issuer Distinguished Name ou=class3, o=CAs, dc=raytheon, dc=com<br />
Effective date expressed in UTCTime until 2049<br />
Next update expressed in UTCTime until 2049 (>= thisUpdate + CRL issuance<br />
frequency)<br />
Revoked certificates list 0 or more 2-tuple of certificate serial number and revocation date (in<br />
Generalized Time)<br />
Issuer’s Signature sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or<br />
sha256 WithRSAEncryption {1 2 840 113549 1 1 11}<br />
CRL Extension Value<br />
CRL Number c=no; monotonically increasing integer (never repeated)<br />
Authority <strong>Key</strong> Identifier c=no; Octet String (same as in Authority <strong>Key</strong> Identifier field in certificates<br />
issued by the CA)<br />
Issuing Distribution Point c=yes; distribution point field must contain a full name (i.e., distribution<br />
point field may not contain nameRelativetoCRLIssuer); the following<br />
fields must all be absent: onlySomeReasons, indirectCRL and<br />
onlyContainsAttributeCerts<br />
CRL Entry Extension Value<br />
Reason Code c=no; ; optional, must be included when reason code = key compromise<br />
or CA compromise<br />
Hold Instruction c=no; optional, id-holdinstruction-reject 32<br />
32 may be present only if reason code = certificateHold<br />
107 7/25/2011