RE: DPD & DPV requirements - Recursion Issues
> Whatever is contained in a response, it is left untouched.
>
> [Carlin's latest response] OK, but what if there is no provision in the
> DPD response syntax for including an embedded DPD response? The good news
> is that the timestamp on the embedded DPD response is untouched. The bad
> news is that you can't include an embedded DPD response. Catch vingt-deux.

I am not the best candidate to answer questions about DPD. I am mainly
interested in DPV (as some might imagine).

Anyway, if I understand Mike Myers' remark correctly, if a DPD server
is essentially untrusted, then it could basically just rewrite a relayed
response.

A DPD server might have performed an OCSP check or a DPV check (for example,
to validate a CA cert). The response should be sent back to the DPD
client; this can be used by the client to make a decision about the
acceptability of the path.