RE: DPD & DPV requirements - Let us Recurse
Carlin,
Steve Kent's DPD/DPV requirements, the SCVP proposal, and the OCSP DPD proposal all permit OCSP responses
to be returned to the client as revocation status data. Presumably in each case this refers to OCSP v1 basic responses,
at least. This is all well and good, but would it not be desirable to also permit recursion in the DPD response? That is, the DPD
response might include an embedded DPD response from another server. Among other benefits, this would preserve the
timestamp (if any) on the embedded DPD response.
- Regards
Carlin Covey
Cylink Corp.
Recursion has its attractions, but nested responses seem complex, syntactically if not semantically. Given the issues you raised about the 1 level of indirection posed by a DPD or DPV server interacting with an OCSP server, I am not yet comfortable with making life more complex in this regard. First I think we need to solve the problem you identified, and then we can see if that solution will generalize to allow the recursion to work smoothly and in a readily understandable manner.
Steve