
RE: German Law and OCSP



Ambarish Malpani wrote:
> II. The "publicly available" clause needs to be carefully
> interpreted. I don't think it makes sense to force the VA
> to try and retrieve the certificate in question from a
> directory, because you *will* hit the situation where a
> certificate was, in fact, correctly issued, but because of
> some transient network/machine problem, the VA can't get to
> the repository for an instant in time. In that case, should
> the VA return a status of bad/revoked/unknown/good? Which of
> the responses is "correct"?

If we take this reasoning one step further: the responder can't get the CRL
because of some transient network/machine problem. What should be done?
Taking this to the (ridiculous) extreme, does that mean we shouldn't force
the responder to try and retrieve the CRL?

I think the common answer will be that the responder returns unknown or
tryLater until the CRL becomes available.

I don't believe that this particular argument holds against requiring the
responder to retrieve the certificate as part of the status check.


Cheers,


Alistair Grant
Project Manager - Development
Computer Associates, OpenDirectory Lab
Melbourne, Victoria, Australia
Phone:	+61 3 9727 8912
Mobile:	+61 408 565 080
Fax:	+61 3 9727 3491
E-Mail:	Alistair.Grant@ca.com