2.17. New Section 5.3.19.17 - CRL Update Retrieval
The following subsection introduces the PKI general message using id-it-crlStatusList and id-it-crls. Details are specified in Section 4.3 of the Lightweight CMP Profile [RFC9483]. Insert this section after the new Section 5.3.19.16:
5.3.19.17. CRL Update Retrieval
This MAY be used by the client to get new CRLs, specifying the source of the CRLs and the thisUpdate value of the latest CRL it already has, if available. A CRL source is given either by a DistributionPointName or the GeneralNames of the issuing CA. The DistributionPointName should be treated as an internal pointer to identify a CRL that the server already has and not as a way to ask the server to fetch CRLs from external locations. The server shall only provide those CRLs that are more recent than the ones indicated by the client.
   GenMsg:    {id-it 22}, SEQUENCE SIZE (1..MAX) OF CRLStatus
   GenRep:    {id-it 23}, SEQUENCE SIZE (1..MAX) OF
                            CertificateList  |  < absent >

   CRLSource ::= CHOICE {
      dpn          [0] DistributionPointName,
      issuer       [1] GeneralNames }

   CRLStatus ::= SEQUENCE {
      source       CRLSource,
      thisUpdate   Time OPTIONAL }
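
The server-side selection rule described above, as an added example that is not part of the specification or of any CMP implementation: the CRLSource is used only as a key into CRLs the server already holds, and only CRLs newer than the client's thisUpdate are returned. The class and function names, the dict-based store that may hold several CRLs per source, and the sample data are assumptions made for illustration; a real server would decode the DER structures with an ASN.1 library.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class CRLSource:            # CHOICE { dpn [0], issuer [1] }
    kind: str               # "dpn" or "issuer"
    name: str               # decoded name, used only as a lookup key

@dataclass(frozen=True)
class CRLStatus:
    source: CRLSource
    this_update: Optional[datetime] = None   # OPTIONAL: client may hold no CRL yet

@dataclass(frozen=True)
class StoredCRL:
    this_update: datetime
    der: bytes              # encoded CertificateList

def build_genrep(store, statuses):
    """Return the list of CertificateList encodings for the GenRep,
    or None when the infoValue is to be absent."""
    if not statuses:
        raise ValueError("GenMsg needs at least one CRLStatus (SIZE (1..MAX))")
    reply = []
    for status in statuses:
        if status.source.kind not in ("dpn", "issuer"):
            raise ValueError("unknown CRLSource alternative")
        have = status.this_update
        if have is not None and have.tzinfo is None:
            raise ValueError("thisUpdate must be timezone-aware to compare in UTC")
        # The source is only a key into CRLs already held. A dpn that carries a
        # URI is never dereferenced, so an unknown source yields nothing.
        for crl in store.get(status.source, []):
            if (have is None or crl.this_update > have) and crl.der not in reply:
                reply.append(crl.der)
    return reply or None

# Constructed sample data (names, dates and DER placeholders are not real).
UTC = timezone.utc
DPN = CRLSource("dpn", "http://crl.example/ca1.crl")
ISSUER = CRLSource("issuer", "CN=Example CA")
STORE = {
    DPN: [StoredCRL(datetime(2024, 1, 3, tzinfo=UTC), b"crl-dpn-old"),
          StoredCRL(datetime(2024, 1, 10, tzinfo=UTC), b"crl-dpn-new")],
    ISSUER: [StoredCRL(datetime(2024, 1, 5, tzinfo=UTC), b"crl-issuer")],
}
```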