
Re: Need to support non-ASN.1 DPV clients?



Steve (Hanna),

( ...)

> > For the time being I would suggest that the consensus is: "We do not need to
> > support non-ASN.1-capable DPV clients."
> 
> Since Steve Kent's requirements did not propose to support
> non-ASN.1-capable, PKI-aware DPV clients, you are right that the
> decision reached last week (not to support non-PKI aware,
> non-ASN.1-capable DPV clients) implies that "We do not need to support
> non-ASN.1-capable DPV clients."

I do not "buy" your phrasing. It is not an implication, it is the basis of
the agreement. DPV has to be usable by a non-PKI aware client, or, let us
say, by a client with very limited PKI knowledge.

> > I have advocated the use of "blobs" for both the request parameters and the
> > optional result for a DPV client. This allows non-PKI-aware clients.
> > Maybe there are some variations under that wording, but certainly a DPV
> > client is not DPD capable. Hence a good reason for the separation of the two
> > functionalities.
 
> The set of inputs for the DPV and DPD protocols is remarkably similar.

The inputs, the goal of request and the responses are quite different.

> As long as we design the protocol properly, I don't see why there should
> be any problem using one protocol for both. 

Let us look at the details below.

> A non-PKI-aware client can
> pass blobs in and out (binary objects whose contents it does not
> understand). A PKI-aware client will understand the contents of those
> objects. A non-PKI-aware client will trust the server (although it may
> archive the blob for someone else to analyze later). A PKI-aware client
> may or may not trust the server.

I agree with you on the above statements. It is now time to go for a
proposal where you will see the differences. I made no attempt to look for
the similarities, but I am confident you will do that exercise. :-)

I will be posting the proposal in a different message, so that it can be
discussed more easily.

Denis 

 
> -Steve