Re: Missing Protocol ?



At 05:01 PM 4/17/2000 +0200, Denis Pinkas wrote:

We could standardize the request and very loosely standardize the
response. The request is easy to standardize: "I want more
registration information on the certificate holder that has the
following serial number". Depending both on who the requester is
and the certificate policy of the CA, more or less (even none)
information will be released to the requester. We could thus
standardize the response without mandating any component to be
returned. In any case, it would be better than paper.

Sure, Denis. Particularly since I've currently got my mind wrapped around CMP.

This fits well within perceived uses of the genm and genp of CMP. If it is a request from Jon Q, the CA can decide what to respond. If genm contains a warrant, well then...

We have the basics here to build up requests for archived data.

I have been talking to some US university people that want anonymous certs for their library system. A student might use their student cert for such a library cert. A resident might use their DMV cert to get one.

But what if a proper authority needed to know who is cert holder 3458923? If the requester was the librarian, the response might be: "A resident (non-student) of the State". If it was a law-type with a warrant it might be "Student ID-3456"; then let them deal with the school admin to learn more....



Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com