RE: Online Certificate Revocation Protocol
Massimiliano,
If you are interested in a protocol that indicates whether a
certificate has been revoked, then the OCSP document that Hansen
referred you to is appropriate. You can get it at
http://www.ietf.org/rfc/rfc2560.txt
Version 2 of the OCSP protocol is described in an Internet Draft
available at
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ocspv2-02.txt
Simple Certificate Validation Protocol is another candidate. You
can get the latest version of this at
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-05.txt
But none of these allow a certificate to be revoked. I gather that
you are interested in a protocol for requesting revocation of certificates.
Check out CMP, available at
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt
Regards,
Carlin
____________________________
- Carlin Covey
Cylink Corporation
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On
Behalf Of Hansen Wang
Sent: Thursday, June 07, 2001 5:36 PM
To: madwolf@xxxxxxxxxx
Cc: ietf-pkix@xxxxxxx
Subject: Re: Online Certificate Revocation Protocol
Massimiliano Pala wrote:
>
> Hi all,
>
> I am in search of some help and suggestions about certificate revocation. The
> problem is that, as far as I know, no RFC covers a possible online revocation
> protocol to be used to revoke a certificate.
Isn't that what OCSP is supposed to do? RFC 2560
2560 X.509 Internet Public Key Infrastructure Online Certificate
Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
C. Adams. June 1999.
Also, Certificate Revocation Status is a per-request, per-response
system.
>
> The model I am thinking of is request-response oriented and, depending on
> the policy adopted by the corresponding CA, permits a user/router/etc... to
> ask for revocation of a certificate. This can help environments where
> certificates from different vendors are used and we want to be able to ask
> for revocation without having to follow different procedures for different
> CSP -- additional steps could/shall, depending on the policy adopted,
> be taken to accomplish the revocation process.
>
> Has my problem a solution yet ??? Or can I work on a proposal to be
> submitted for comments and reviews ???
-
Hansen Wang
<http://members.home.net/hansen.wang/>