[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

To: David Chadwick <d.w.chadwick@xxxxxxxxxx>
Subject: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
From: Stephen Kent <kent@xxxxxxx>
Date: Mon, 10 Sep 2007 13:11:31 -0400
Cc: "ietf-pkix@xxxxxxx" <ietf-pkix@xxxxxxx>
In-reply-to: <46E1B0B7.3080003@xxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <OF3876B698.C80CC9A9-ONC125734F.002F7456@xxxxxxxxxxxx> <46E1B0B7.3080003@xxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


David,

I have to agree with those who have expressed some concerns aboutsecurity aspects of cert revocation status under the WebDAV model. Ithink it is a precept of current PKI models that we don't relycompletely on the integrity of repositories. That's why we postsigned CRLs and why the v2 CRL has both this update and next updatefields. We are always cognizant of the possibility that even withsigned data, the data might not be fresh, and so we try to minimizethe vulnerabilities associated with our reliance on on repositories.


Steve

Follow-Ups:
- Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
  - From: David Chadwick

References:
- Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
  - From: Denis Pinkas
- Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
  - From: David Chadwick

Prev by Date: Re: Matching rule review comment on 3280bis
Next by Date: Re: Matching rule review comment on 3280bis
Previous by thread: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
Next by thread: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
Index(es):
- Date
- Thread