[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Online Certificate Revocation Protocol

To: ietf-pkix@xxxxxxx
Subject: RE: Online Certificate Revocation Protocol
From: "JANES, Mark" <Mark.JANES@xxxxxxxxxx>
Date: Fri, 8 Jun 2001 15:31:03 +0100
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Does anyone know what implementations of CMP exist?

Thanks,
Mark Janes
Principal Technical Architect
e-Government Services
SchlumbergerSema UK Region
*Office:	(+44) (0) 1625 88 4698 NNH Wilmslow
*Fax:		(+44) (0) 1625 530 911 NNH Wilmslow
*Mobile:	(+44) (0) 7733 310 313
* Email:	Mark.Janes@xxxxxxxxxx
* Postal:	Ground Floor East, Norcliffe House, 
		Station Road, Wilmslow, SK9 1BB

-----Original Message-----
From: Nada Kapidzic Cicovic [mailto:nada@xxxxxxxxxxxxx]
Sent: 08 June 2001 12:21
To: madwolf@xxxxxxxxxx; ietf-pkix@xxxxxxx
Subject: Re: Online Certificate Revocation Protocol

At 11:01 AM 6/8/01 +0200, Massimiliano Pala wrote:
>Carlin Covey wrote:
>
> > But none of these allow a certificate to be revoked. I gather that
> > you are interested in a protocol for requesting revocation of
certificates.
> > Check out CMP, available at
> > http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt
>
>This could be the case, anyway I was thinking of something more "robust"
>and a little bit complex -- as request/response contents -- to prevent
>unauthorized revoking requesting to prevent as much as possible DoS but
>allowing for a simple revocation method. This could help environments where
>legal issues are also covered -- govenment PKIs, Municipalities PKIs,
>etc...

This is exactly what CMP specifies. Many vendors already have support for 
CMP EE initiated certificate revocation. The interoperability of different 
implementations of CMP certificate revocation (among other things) has been 
conducted during PKI Forum and ICSA CMP interop testing quite successfully.

Nada

>The model I've been thinking of is mostly based on a structure very similar
>to the model proposed in OCSP. The choosen transport mechanism could be
>HTTP -- this could help browsers in adding the functionality and CSP to
>implement the service.
>
>--
>
>C'you,
>
>         Massimiliano Pala
>
>--o------------------------------------------------------------------------
-
>Massimiliano Pala [OpenCA Project Manager]
madwolf@xxxxxxxxxx
>
madwolf@xxxxxxxxxxxxxxx
>http://www.openca.org                            Tel.:   +39 (0)59  270
094
>http://openca.sourceforge.net                    Mobile: +39 (0)347 7222
365

______________________________________________________________

Nada Kapidzic Cicovic, Ph.D.
Technical Director,   Entegrity Solutions
office: + 46 8 477 77 37,   cell: + 46 70 495 09 03,    fax: + 46 8 477 77
31

___________________________________________________________________________
This email is confidential and intended solely for the use of the 
individual to whom it is addressed. Any views or opinions presented are 
solely those of the author and do not necessarily represent those of 
Sema. 
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or 
copying of this email is strictly prohibited.

If you have received this email in error please notify the Sema UK
Helpdesk by telephone on +44 (0) 121 627 5600.
___________________________________________________________________________

Prev by Date: Re: Online Certificate Revocation Protocol
Next by Date: draft-ietf-pkix-ac509prof-09.txt is coming...
Previous by thread: RE: Online Certificate Revocation Protocol
Next by thread: Re: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread