[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More on OCSP and CSL

To: Massimiliano Pala <madwolf@xxxxxxxxxxxxxxxx>
Subject: Re: More on OCSP and CSL
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 28 Jan 2000 15:50:38 -0500
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
References: <388C9134.384F42E@comune.modena.it><388D5F8A.CC97092B@SURFnet.nl> <388DB8CD.85076CDD@comune.modena.it><38909B93.1F87021F@SURFnet.nl> <>

Massimiliano,

I think we've established that, syntactically, we can represent the CSL concept using a CRL, with appropriate reason codes. Thus there is no motivation to create another syntactic construct. A CA can choose to issues a CDP just for suspended certs if appropriate.

One might choose to propose a new work item, a protocol for suspension and reinstantiation of certificates, based on the motivations that you are describing here. Personally, I don't find them compelling in most instances. For example, the user who leaves his smart card at work before going on vacation. However, some in the financial community have suggested such scenarios to justify the existence of suspension in the first place, so I know that you are not alone in thinking this way!

Steve

References:
- More on OCSP and CSL
  - From: Massimiliano Pala

Prev by Date: Re: OCSP and CSL
Next by Date: Re: OCSP and CSL
Previous by thread: More on OCSP and CSL
Next by thread: RE: More on OCSP and CSL
Index(es):
- Date
- Thread