Off-loaded validation is a MUCH better concept since it is fully
dynamic, allows arbitrary granularity down to individual EE certificates, and
most of all does not rely on a centrally funded/trusted "über-CA". In
fact, a successful rollout of SCVP will probably eliminate most other uses of
cross-certification as well.
Anders
----- Original Message -----
From: "David A. Cooper" <david.cooper@xxxxxxxx>
To: "pkix" <ietf-pkix@xxxxxxx>
Sent: Friday, July 06, 2007 23:17
Subject: draft-ietf-pkix-scvp-32.txt
All,
I just submitted draft 32 of SCVP for posting. This draft contains some
editorial changes to address comments raised as a result of IESG review,
but there are no changes to the protocol, either syntactic or semantic.
A diff file comparing drafts 31 and 32 is available at
http://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-31_to_32.html.
I should note that this draft does not address every issue raised during
the IESG review. In particular, there are still outstanding comments
from Lisa Dusseault relating to the use of HTTP, which is mainly
specified in Appendix B of SCVP. Lisa's comments may be found at
https://datatracker.ietf.org/idtracker/draft-ietf-pkix-scvp/comment/65322.
If there is someone who has a sufficient knowledge of HTTP to address
the issues that Lisa raises and who is willing to work with us to
resolve these issues, that would be appreciated.
Dave