[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH

To: "Manger, James H" <James.H.Manger@xxxxxxxxxxxxxxxx>
Subject: RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 30 Jun 2000 14:50:09 -0400
Cc: "'PKIX'" <ietf-pkix@xxxxxxx>
In-reply-to: <>
References: <>

Jim,

I support Denis in his desire to have the TSA check everything it can (syntactically) in a request. Not checking allows the TSA to sign tokens that are just broken. We have seen many examples of broken certs signed by CAs, so I think it worthwhile that we put language in RFCs to require, where possible, that appropriate consistency checks be performed. RFC 2459 has a few statement about relationships among extensions, which gets to the same concerns. We could put in more, or collect them in one place, and make for a better document.

I may have lost track of the counter argument here. Why would one not want to have a TSA do the best possible job when it comes to ensuring syntactic consistency re its inputs?

Steve

Follow-Ups:
- RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH
  - From: Paul Koning

References:
- RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH
  - From: Manger, James H

Prev by Date: Re: AW: self-signed TSA [Was Re: Private Key Cloning]
Next by Date: Re: DSA & ASN.1
Previous by thread: RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH
Next by thread: RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH
Index(es):
- Date
- Thread