
RE: DPD & DPV requirements - Recursion Issues
Steve,

> On Friday, January 12, 2001 3:19 PM you wrote:
> . . . 
> the question I asked was whether the OCSP response carried data that 
> tied it to a requestor, not a responder.

As Rick Salz noted, RFC 2560 enables such binding via the nonce mechanism.
Use of this mechanism is not, however, mandated.  Also, Rich Akney was a
strong advocate of the OPTIONAL requestorName syntax in an OCSP request.
The definition of the production of response signature in RFC 2560 does not
include the contents of the request in its hash.  We might wish to consider
amending this in the OCSPv2 I-D but it's not yet clear to me that we should
inhibit response transparency.  A relying party might very well wish to know
who is ultimately standing behind a certificate.

Mike