[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate suspension

To: ietf-pkix@xxxxxxx
Subject: Re: Certificate suspension
From: "Todd E. Johnson" <tejohnson@xxxxxxxxx>
Date: Wed, 23 Jan 2008 19:45:05 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=hwtMzId/VU/R2UQNN15IyKlhn5wN1gcpnMobEwnCyCDnTxcaRkSd6WwP9heWpDhQz0hsNfo4uMd52XXp6Lf47rj9qwr0ViKb0kVHt+qQ7E37C9Z9nVnyfxK9gyVIpbU7Hnbg5UYXPzB22MId28gkkgqRqePoEYe1/fZD8LbP/ls= ;
In-reply-to: <200801232019.m0NKJ6q0018824@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <47969D3B.7030502@xxxxxxxxxxxxxxx> <200801232019.m0NKJ6q0018824@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

The U.S. Treasury does not support suspension mainly due to obviousissues encountered with digital signature related transactions, andfuture validation of those transactions. The problem is, if you arewilling to honor signatures produced using certificates from aninfrastructure that does support suspension, you wind up in the sameboat. It has been a topic of much debate.


Russ Housley wrote:

I have said many times that I wish we had deprecated certificatesuspension in RFC 2459 and all of its successors. As you say, it isriddled with difficulties, and those have been discussed many times overthe years.
When we were working on RFC 2459 someone from the financial communityargued that it was needed. So, it was not deprecated. You can look atthe archives for the recurring discussion.
Russ

--


Regards,

Todd E. Johnson

Follow-Ups:
- Re: Certificate suspension
  - From: Scott Rea

References:
- Certificate suspension
  - From: Stephen Wilson
- Re: Certificate suspension
  - From: Russ Housley

Prev by Date: Re: Wildcard DNS. Re: rfc 3280bis
Next by Date: Re: Certificate suspension
Previous by thread: Re: Certificate suspension
Next by thread: Re: Certificate suspension
Index(es):
- Date
- Thread