Re: Missing Protocol ?
>
> Sure, Denis. Particularly since I've currently got my mind wrapped around CMP.
>
> This fits well within perceived uses of the genm and genp of CMP. If it is
> a request from Jon Q, the CA can decide what to respond. If genm contains
> a warrant, well then...
>
- An RA collects the justifications and at the moment when it demands the certificate,
it creates a time stamped document containing the data in whatever way and stores it
wherever this should be, indexed by one or all the certificates it is related to.
The document may even contain the certificates.
- An authorised RP may ask someone (else) to return this document. The
server should return a statement saying that 'the RA had used the data xxx to
issue the certificate', or in other words: The server decides that the cert is/was
valid because of the existence of that document content.
There are obviously several ways to implement this with some of the protocols
that exist. Since my current favorite is dvcs, I start with this:
The request would be for a 'verify public key certificate'. The response would
not contain the certificate chain, or maybe it would, it can contain all kinds
of certificates, etc, just ONE of the certEtcToken elements would be the
signedData object created by the RA.
CMP or CMC are similar good candidates.
Peter Sylvester
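The two steps sketched in the message above (an RA records a time-stamped justification document indexed by the certificates it relates to; a server later answers a relying party's query by returning a statement about that document) are modelled below in an added example that is not part of the original post or of any DVCS/CMP implementation. It uses only the Python standard library: an HMAC under a hypothetical RA key stands in for the CMS signedData object the message refers to, the "certificates" are constructed byte strings, and `JustificationStore` is an assumed in-memory stand-in for wherever the document is actually kept. The point it shows is the server's three possible answers: a valid record, no record on file, and a record that no longer verifies.

```python
import hashlib
import hmac
import json
import time

# Hypothetical RA key (assumption). A real deployment would produce a CMS
# signedData object under the RA's signing certificate instead of an HMAC.
RA_SIGNING_KEY = b"example-ra-key-not-for-production"


def cert_fingerprint(cert_der: bytes) -> str:
    """Index key for a certificate: SHA-256 over its (here constructed) DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def ra_create_justification(certs, justification, now=None):
    """RA side: build the time-stamped document recording which data was used
    to issue the given certificates. Returns (index_keys, document); the
    document carries the payload and an integrity tag over it."""
    now = int(time.time()) if now is None else now
    body = {
        "issued_at": now,
        "certs": [cert_fingerprint(c) for c in certs],
        "justification": justification,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(RA_SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return body["certs"], {"payload": payload, "tag": tag}


class JustificationStore:
    """Assumed storage: the document is indexed by every certificate it relates to."""

    def __init__(self):
        self._by_cert = {}

    def store(self, index_keys, document):
        for key in index_keys:
            self._by_cert[key] = document

    def verify_certificate(self, cert_der: bytes) -> dict:
        """Server side: the 'verify public key certificate' answer for one cert.
        The statement is derived solely from the stored document, so a missing
        or tampered document yields a non-valid answer."""
        doc = self._by_cert.get(cert_fingerprint(cert_der))
        if doc is None:
            return {"status": "unknown", "reason": "no justification document on file"}
        expected = hmac.new(RA_SIGNING_KEY, doc["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, doc["tag"]):
            return {"status": "invalid", "reason": "justification document does not verify"}
        body = json.loads(doc["payload"])
        return {
            "status": "valid",
            "issued_at": body["issued_at"],
            "used_data": body["justification"],
        }


def demo():
    """Run the RA -> store -> RP flow on constructed input and return the answers."""
    store = JustificationStore()
    # Constructed sample: two certificates issued on the basis of one warrant.
    keys, doc = ra_create_justification(
        [b"constructed-cert-A", b"constructed-cert-B"], {"warrant": "W-1"}, now=1000
    )
    store.store(keys, doc)
    return {
        "cert_a": store.verify_certificate(b"constructed-cert-A"),
        "cert_b": store.verify_certificate(b"constructed-cert-B"),
        "unknown": store.verify_certificate(b"constructed-cert-C"),
    }


if __name__ == "__main__":
    for name, answer in demo().items():
        print(name, answer)
```

Indexing the same document under every related certificate is what lets an RP ask about any one of them; whether the document also embeds the certificates, as the message allows, does not change the lookup or the verification.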