[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: DPD & DPV requirements - Let us Recurse

To: kent@xxxxxxx
Subject: RE: DPD & DPV requirements - Let us Recurse
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Mon, 8 Jan 2001 12:51:03 +0100 (MET)
Cc: ietf-pkix@xxxxxxx

> 
> Returning info that explains why a server believes that the returned 
> data supports validation is an interesting notion. The first example 
> of that I saw was in work performed by colleagues here at BBN, on a 
> project calls IOS, in the early 90s, where servers did that.  But, I 
> think this is still an R&D topic for now, not yet ready for 
> standardization.

Isn't part of this 'interesting notion' the cert chain itself. The
certificate chain return by a DPV server is the chain that has
been used to validate it, and the server believes that this chain
is valid. 

If the service is implemented using some relaying, such that a 
server becomes a client of someone else, what research problem
is there that the intermediate server/client wants to provide the
results? If for the initial client the result of the validation
becomes something that can be stored somewhere, e.g. similar to
an OCSP response stored in the SMIME/ETSI signature format stuff,
then essentially this client becomes an intermediate server for
another verifier of the enhanced signature.

Follow-Ups:
- RE: DPD & DPV requirements - Let us Recurse
  - From: Stephen Kent

Prev by Date: Experimental TSA
Next by Date: Re: DPD & DPV requirements
Previous by thread: RE: DPD & DPV requirements - Let us Recurse
Next by thread: RE: DPD & DPV requirements - Let us Recurse
Index(es):
- Date
- Thread