RE: OCSP-X vs SCVP

To: Khaja Ahmed <Khaja.Ahmed@xxxxxxxxxxxx>, "'Russ Housley '" <housley@xxxxxxxxxx>, "'ietf-pkix@xxxxxxx '" <ietf-pkix@xxxxxxx>

Subject: RE: OCSP-X vs SCVP

From: Michael Zolotarev <mzolotarev@xxxxxxxxxxxxx>

Date: Fri, 10 Nov 2000 09:51:59 +1100

Title: RE: OCSP-X vs SCVP

Can anyone bother explaining a simple thing to me (I didn't have my morning coffee yet, so I'm still mentally a bit retarded):

What is XML community, exactly? Is it a bunch of applications sitting on top of XML-messaging backbone? Now then, do those application call any APIs at all? Or do they do all the heavy-weight stuff themselves? I hope that a concept of APIs is not totally abandoned in the "XML community". Does anybody in the community create PKCS10 in hard way? Or parse a certificate, or a CRL by doing it bit-by-bit, doesn;t matter what the encoding is? I guess no. They use APIs.

If so ( if not, stop further reading), then obtaining OCSP is just another matter for an API. And it absolutely doesn't matter if the API uses ASN1 or XML or whatever else. The XML-community won't see it, and must't see it. Exactly as it is for VB community, Fortran community, Cobol community and IBM360 mcaro assembler community.

Time for my morning coffee. I'll be more bright when I'm back :) Please response.

Michael

-----Original Message-----
From: Khaja Ahmed [mailto:Khaja.Ahmed@identrus.com]
Sent: Friday, 10 November 2000 8:27
To: 'Russ Housley '; 'ietf-pkix@imc.org '
Subject: RE: OCSP-X vs SCVP

I would even go so far as to say that for the community that is XML dependant the nomination you make is the only workable one.

Khaja

-----Original Message-----
From: Russ Housley
To: ietf-pkix@imc.org
Sent: 11/9/00 5:11 PM
Subject: OCSP-X vs SCVP

A few weeks ago, there was a brief discussion of OCSP-X vs SCVP. The
only
consensus point was that we need to have one PKIX solution for
certification path validation, not two. However, we did not pick one of

these two alternatives. I think we need to pick one. We should not put

further efforts into two solutions.

There are at least three communities that need to be served by this
protocol: very lightweight clients, organizations that want centralized
control, and clients that do not parse ASN.1 but understand XML. I am
not
sure that there is consensus about these user groups. If not, we need
to
get to consensus ...

If these are the user groups that we are trying to satisfy, then I think

that SCVP is the better answer.

Let the debate begin ...

Russ

Follow-Ups:

Re: OCSP-X vs SCVP
- From: Rich Salz
Re: OCSP-X vs SCVP
- From: Marc Branchaud