
RE: DPD & DPV requirements - Recursion Issues



Steve,

> On Thursday, January 11, 2001 1:35 PM you wrote
>
> Since we don't trust DPD servers per se, the only issue I see here is
> whether the DPD server to which a request was made can return OCSP
> responses that were gathered by other DPD servers, without making
> that obvious to the client. I'll rely on Ambarish or Mike to answer
> that question, since I don't recall the format details well enough.

Given that OCSP may in the long run wholly replace CRLs in some environments,
it does seem prudent that the DPD response structure enable this option.

With regard to client notification of a DPD server's response content, note
that BasicOCSPResponse syntax requires inclusion of ResponderID, either by
name or key hash.  Either would enable a client to identify the source(s) of
information accumulated by a DPD server in its interaction with secondary,
tertiary, etc. DPD servers.

Mike
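
Added example, not part of the original message: a Python sketch of how a client could read the ResponderID out of each OCSP response relayed by a DPD server and list the distinct sources. It assumes the RFC 2560 layout, where ResponderID sits in the ResponseData of a BasicOCSPResponse as an explicitly tagged CHOICE ([1] byName, [2] byKey); the helper names and the sample responders are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def responder_id(response_data):
    """Extract ResponderID from DER-encoded ResponseData (RFC 2560)."""
    tag, body, _ = read_tlv(response_data)
    if tag != 0x30:
        raise ValueError("ResponseData must be a SEQUENCE")
    tag, val, nxt = read_tlv(body)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        tag, val, nxt = read_tlv(body, nxt)
    if tag == 0xA1:                        # byName [1] EXPLICIT Name
        return ("byName", val.hex())       # hex of the DER-encoded Name
    if tag == 0xA2:                        # byKey [2] EXPLICIT KeyHash
        inner_tag, key_hash, _ = read_tlv(val)
        if inner_tag != 0x04 or len(key_hash) != 20:
            raise ValueError("KeyHash must be a 20-byte OCTET STRING")
        return ("byKey", key_hash.hex())
    raise ValueError("unexpected ResponderID tag 0x%02x" % tag)

def der(tag, value):
    """Encode one short DER TLV; only builds the constructed samples (< 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample_response_data(rid):
    # Constructed ResponseData: responderID, producedAt, empty responses list.
    return der(0x30, rid + der(0x18, b"20010111183500Z") + der(0x30, b""))

# Constructed samples: two hypothetical responders, one per ResponderID form.
KEY_HASH = hashlib.sha1(b"constructed responder public key").digest()
NAME = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, b"Example Responder B"))))
BY_KEY = sample_response_data(der(0xA2, der(0x04, KEY_HASH)))
BY_NAME = sample_response_data(der(0xA1, NAME))
GATHERED = [BY_KEY, BY_NAME, BY_KEY]       # as if relayed by one DPD server

def distinct_sources(responses):
    """Distinct ResponderIDs in a batch of responses, in first-seen order."""
    return list(dict.fromkeys(responder_id(r) for r in responses))
```

The ResponderID only identifies a source once the signature on the enclosing BasicOCSPResponse has been verified against that responder's key, which this sketch does not do.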