Carlin Covey wrote:
> But none of these allow a certificate to be revoked. I gather that
> you are interested in a protocol for requesting revocation of certificates.
> Check out CMP, available at
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt
This could be the case; anyway, I was thinking of something more "robust"
and a little bit complex -- as request/response contents -- to prevent
unauthorized revocation requests, to prevent DoS as much as possible, but
allowing for a simple revocation method. This could help environments where
legal issues are also covered -- government PKIs, Municipalities PKIs,
etc...
The model I've been thinking of is mostly based on a structure very similar
to the model proposed in OCSP. The chosen transport mechanism could be
HTTP -- this could help browsers in adding the functionality and CSP to
implement the service.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf@xxxxxxxxxx
madwolf@xxxxxxxxxxxxxxx
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365