
Re: Online Certificate Revocation Protocol



Massimiliano Pala wrote:
> 
> Hi all,
> 
> I am in search of some help and suggestions about certificate revocation. The
> problem is that, as far as I know, no RFC covers a possible online revocation
> protocol to be used to revoke a certificate.

Isn't that what OCSP is supposed to do? RFC 2560

2560 X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
C. Adams. June 1999.

Also, Certificate Revocation Status is a per-request, per-response
system.


> 
> The model I am thinking of is request-response oriented and, depending on
> the policy adopted by the corresponding CA, permits a user/router/etc... to
> ask for revocation of a certificate. This can help environments where
> certificates from different vendors are used and we want to be able to ask
> for revocation without having to follow different procedures for different
> CSP -- additional steps could/shall, depending on the policy adopted,
> be taken to accomplish the revocation process.
> 
> Has my problem a solution yet ??? Or can I work on a proposal to be
> submitted for comments and reviews ???

-
Hansen Wang
<http://members.home.net/hansen.wang/>