
Re: Algorithm revocation



Soenke,

While I am sympathetic to the concern that motivated the suggestion of revoking an algorithm, I think the list discussion has pointed out pitfalls with the proposed approach. Fundamentally, a decision to accept or reject use of an algorithm is more an RP issue than a CA revocation issue. I am less sympathetic to the proposed dual signature proposal for PKI data structures, including your specific OCSP example. Use of multiple signatures is appropriate in some application contexts, but it has been explored and rejected in X.509 infrastructure data elements, e.g., certs & CRLs, long ago.

Steve
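The point Steve makes, that accepting or rejecting an algorithm is a relying-party decision rather than something a CA revokes, is illustrated below with an added Go example that is not part of the original message or of any project it references. It assumes the RP keeps its own list of rejected signature algorithms (`weakSignatureAlgorithms`, a constructed policy) and applies it to the chain after the standard-library path validation, skipping the self-signature on the trust anchor because an RP does not rely on that signature. The two-certificate chain is constructed at run time so the example works offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// weakSignatureAlgorithms is this relying party's own rejection list.
// It is an assumption for the example; each RP chooses its own set, and no
// CA action is needed to change it.
var weakSignatureAlgorithms = map[x509.SignatureAlgorithm]bool{
	x509.MD2WithRSA:    true,
	x509.MD5WithRSA:    true,
	x509.SHA1WithRSA:   true,
	x509.DSAWithSHA1:   true,
	x509.DSAWithSHA256: true,
	x509.ECDSAWithSHA1: true,
}

// AlgorithmAcceptable is the local policy decision: unknown algorithms and
// anything on the rejection list are refused.
func AlgorithmAcceptable(alg x509.SignatureAlgorithm) bool {
	if alg == x509.UnknownSignatureAlgorithm {
		return false
	}
	return !weakSignatureAlgorithms[alg]
}

// VerifyWithPolicy performs ordinary path validation and then applies the
// RP's algorithm policy to every signature in the chain except the trust
// anchor's self-signature, which the RP never relies on.
func VerifyWithPolicy(leaf *x509.Certificate, roots *x509.CertPool, now time.Time) ([]*x509.Certificate, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err != nil {
		return nil, err
	}
	chain := chains[0]
	for i, c := range chain {
		if i == len(chain)-1 {
			continue // trust anchor: self-signature is not relied upon
		}
		if !AlgorithmAcceptable(c.SignatureAlgorithm) {
			return nil, fmt.Errorf("certificate %q signed with rejected algorithm %v",
				c.Subject.CommonName, c.SignatureAlgorithm)
		}
	}
	return chain, nil
}

// newCert signs a template and parses the result back into a Certificate.
func newCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildExampleChain constructs a root and a leaf (ECDSA P-256, SHA-256) so
// the policy check can be exercised without any external material.
func BuildExampleChain(now time.Time) (*x509.Certificate, *x509.CertPool, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Example Root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	caCert, err := newCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "constructed-leaf.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	leafCert, err := newCert(leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return leafCert, roots, nil
}

func main() {
	now := time.Now()
	leaf, roots, err := BuildExampleChain(now)
	if err != nil {
		panic(err)
	}
	chain, err := VerifyWithPolicy(leaf, roots, now)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("accepted chain of %d certificates; leaf signed with %v\n",
		len(chain), chain[0].SignatureAlgorithm)
}
```

The same chain is accepted or refused purely by the contents of `weakSignatureAlgorithms`, which is the RP-side control the message argues for: retiring an algorithm is a change to local policy, not a revocation event the CA has to publish.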