[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate suspension

To: Russ Housley <housley@xxxxxxxxxxxx>
Subject: Re: Certificate suspension
From: "Todd E. Johnson" <tejohnson@xxxxxxxxx>
Date: Wed, 23 Jan 2008 20:27:28 -0500
Cc: ietf-pkix@xxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=VKqZhoqhcnqjIFLBnss6SydyJTwMKW0MnzvFozwoeblBbd7rmf0yArmfz0fpih9C7GTObOlOKco6+jMMl7xDO3hPzMm87Dy0Wz3gQl9hWiW2ZGUkRt/Den9u8Wq4CCPn9FM0Dz2tib4mWJpmuulw2kMjG1oX/7gCZI/xYwc+24U= ;
In-reply-to: <200801232019.m0NKJ6q0018824@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <47969D3B.7030502@xxxxxxxxxxxxxxx> <200801232019.m0NKJ6q0018824@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

The U.S. Treasury PKI does not support suspension mainly due to obviousissues encountered with digital signature related transactions, andfuture validation of those transactions.

The problem is, if you are willing to honor signatures produced usingcertificates from an infrastructure that does support suspension, youwind up in the same boat. It has been a topic of much debate.


Russ Housley wrote:

I have said many times that I wish we had deprecated certificatesuspension in RFC 2459 and all of its successors. As you say, it isriddled with difficulties, and those have been discussed many times overthe years.
When we were working on RFC 2459 someone from the financial communityargued that it was needed. So, it was not deprecated. You can look atthe archives for the recurring discussion.
Russ


--


Regards,

Todd E. Johnson

References:
- Certificate suspension
  - From: Stephen Wilson
- Re: Certificate suspension
  - From: Russ Housley

Prev by Date: Re: Certificate suspension
Previous by thread: Re: Certificate suspension
Index(es):
- Date
- Thread