[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Polling in CMP

To: <ietf-pkix@xxxxxxx>
Subject: Re: Polling in CMP
From: Magnus Nystrom <magnus@xxxxxxxxxxxxxxx>
Date: Thu, 11 Oct 2001 22:46:13 +0200 (W. Europe Daylight Time)
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: Magnus Nyström <magnus@xxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Amit,

Thanks for your comments.

On Mon, 17 Sep 2001, Amit Kapoor wrote:

> Hi Magnus, Gareth,
>
>      A quick glance seems the proposal is inline with the original
> discussion. However, I would like to expand the scope of polling a
> little bit.  One of the other problems we have been dealing with is
> that issuance of certificates sometimes require a back and forth
> question & answer session between the end entity and the server
> for identity authentication.  The current interoperable subset of
> the CMP protocol assumes

> (a) all the information needed by the server is in the original
> request or
> (b) the server does out of band verification if information needed
> is not sufficient.
>
>      I believe this requirement is generic enough to require
> interoperable support and should go into the CMP protocol.  Based on
> the use of the proposed CMP poll request & response, it looks like a
> good choice. Would like to hear your thoughts......

This is probably rather a question for the ir/ip pair, or cr/cp,
perhaps in conjunction with enhancements to PKIStatus. In any event, I
rather not mix the polling functionality with interactions between the
RA/CA and the EE.

BR,
-- Magnus

Prev by Date: Re: New test TSA available
Next by Date: I-D ACTION:draft-ietf-pkix-ipki-pkalgs-04.txt
Previous by thread: Re: Polling in CMP
Next by thread: Version 15 of the Implementor's Guide for X.500
Index(es):
- Date
- Thread