A CRL-retrieval request is a new type of privacy-enhanced message, distinguished from RFC 1421 privacy-enhanced messages by the process type CRL-RETRIEVAL-REQUEST.
The request has two or more encapsulated header fields: the required "Proc-Type:" field and one or more "Issuer:" fields. The fields must appear in the order just described. There is no encapsulated text, so there is no blank line separating the fields from encapsulated text.
Each "Issuer:" field specifies an issuer whose latest CRL is to be retrieved. The field contains a value of type Name specifying the issuer's distinguished name. The value is encoded as in an RFC 1421 "Originator-ID-Asymmetric:" field (i.e., according to the Basic Encoding Rules, then in ASCII).
Example:
   To: cert-service@ca.domain
   From: requestor@host.domain

   -----BEGIN PRIVACY-ENHANCED MESSAGE-----
   Proc-Type: 4,CRL-RETRIEVAL-REQUEST
   Issuer: <issuer whose latest CRL is to be retrieved>
   Issuer: <another issuer whose latest CRL is to be retrieved>
   -----END PRIVACY-ENHANCED MESSAGE-----
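The field rules above (Proc-Type first, then one or more Issuer fields, no blank line, BER-encoded Name values) can be checked mechanically by a receiving service. The following Python code is an added example, not part of the original specification: it assumes the "in ASCII" step is RFC 1421's printable encoding (equivalent to base64), and name_der, build_request and parse_request are hypothetical helper names operating on constructed sample issuer names.

```python
import base64

BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"
PROC_TYPE = "4,CRL-RETRIEVAL-REQUEST"

def tlv(tag, body):
    """One BER/DER element; short-form length (< 128 bytes) is enough here."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def name_der(country, org):
    """Constructed sample Name with C= and O= RDNs (hypothetical helper)."""
    def rdn(oid, text):  # SET { SEQUENCE { OID, PrintableString } }
        return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode())))
    return tlv(0x30, rdn(b"\x55\x04\x06", country) + rdn(b"\x55\x04\x0a", org))

def build_request(issuer_names):
    """Emit Proc-Type, then one Issuer field per Name, with no blank line."""
    fields = ["Proc-Type: " + PROC_TYPE]
    fields += ["Issuer: " + base64.b64encode(n).decode() for n in issuer_names]
    return "\n".join([BEGIN, *fields, END]) + "\n"

def parse_request(text):
    """Return the decoded issuer Names, or raise ValueError if malformed."""
    lines = text.splitlines()
    if BEGIN not in lines or END not in lines:
        raise ValueError("missing PEM boundary")
    fields = []
    for line in lines[lines.index(BEGIN) + 1 : lines.index(END)]:
        if not line.strip():
            raise ValueError("blank line: a request has no encapsulated text")
        if line[0] in " \t" and fields:      # folded continuation line
            fields[-1][1] += line.strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed field: " + line)
        fields.append([key, value.strip()])
    if not fields or fields[0] != ["Proc-Type", PROC_TYPE]:
        raise ValueError("Proc-Type must come first and name CRL-RETRIEVAL-REQUEST")
    if len(fields) < 2 or any(key != "Issuer" for key, _ in fields[1:]):
        raise ValueError("Proc-Type must be followed only by one or more Issuer fields")
    names = [base64.b64decode(value, validate=True) for _, value in fields[1:]]
    if any(der[:1] != b"\x30" for der in names):
        raise ValueError("Issuer value is not a BER SEQUENCE (Name)")
    return names
```

Mail headers ahead of the BEGIN boundary are ignored by parse_request, so the full message shown in the example can be passed in unchanged.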