> I see a problem here. If you use delta-CRLs,

I see lots of problems if you use delta CRLs. A veritable sea of troubles bringing waves of misery and destruction upon an unhappy world.

If you want to ban anything to prevent this woe, then ban delta CRLs; this solution would have the considerable advantage of reducing the size of the RFC by several dead trees.

It is simply not possible to ban emergency CRLs. Nor do I accept the premise that consistency is more desirable than correct answers.

If an OCSP service reacts on the basis of continuously updated real time data then it will inevitably give answers that are different (i.e. right more often) to those that an application relying on stale CRL data will give. Call such behaviour 'inconsistent' if you like.

Phill
Attachment:
Phillip Hallam-Baker (E-mail).vcf