
Re: signed e-mail



In a recent message, I asked some questions regarding how MS-CAPI handles CRLs, controls caching, etc.  A friendly little bird provided me with a reference to an excellent white paper on the subject:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/WinXPPro/support/tshtcrl.asp

The long and short of it is that CRLs are cached in several locations, but in Windows 2000 they are held until the validity period of the CRL expires.  The only way to purge them is to delete the temporary Internet files.

In Windows XP, the processing is more complex, and, at least when used in conjunction with delta CRLs, a freshness parameter can be specified.

On the one hand, the paper is of considerable interest in laying out how the processing of certificate paths is accomplished in accordance with the current standards, and how they deal with all of the various options.

On the other, it is an excellent illustration of how complex the standards have become, and how difficult it can be for both the end user and, even worse, the system administrator who is trying to set up a PKI.

It reinforces my belief that most of the necessary functionality is now in place  -- and then some, in some cases.  But the ability to manage this process is still far from being under control, and that is probably the single biggest hindrance that is holding back PKI.

Bob

Robert R. Jueneman
Security Architect

Novell, Inc -- the leading provider of Net services software
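The caching behaviour described in the message above, modelled as an added example (this is not code from the original message, from the cited white paper, or from MS-CAPI): a client that reuses a cached CRL until its nextUpdate cannot see a revocation published in between, whereas a freshness bound on the cached copy, or an explicit purge of the cache, picks the newer CRL up. The issuer name, serial number 42, the dates and the distribution point are all constructed, and the cache policy is a simplification of what the paper describes, not Microsoft's implementation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple

FRESHNESS_ONE_HOUR = timedelta(hours=1)  # example freshness bound (assumption)


@dataclass(frozen=True)
class CRL:
    """Only the CRL fields that matter for caching: validity window and revoked serials."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: FrozenSet[int]


class DistributionPoint:
    """Stand-in for an HTTP/LDAP CRL distribution point (constructed, not a real endpoint).
    Serves the newest CRL whose this_update is not in the future."""

    def __init__(self) -> None:
        self._published: List[CRL] = []

    def publish(self, crl: CRL) -> None:
        self._published.append(crl)

    def fetch(self, now: datetime) -> CRL:
        available = [c for c in self._published if c.this_update <= now]
        if not available:
            raise LookupError("no CRL published yet")
        return max(available, key=lambda c: c.this_update)


class CRLCache:
    """Client-side CRL cache. With max_age=None a cached CRL is reused until its
    next_update (the Windows 2000 behaviour the message describes); a max_age bounds
    how long a cached copy is trusted regardless of its next_update."""

    def __init__(self, max_age: Optional[timedelta] = None) -> None:
        self.max_age = max_age
        self._entries: Dict[str, Tuple[datetime, CRL]] = {}
        self.fetches = 0  # instrumentation: how often the client went to the network

    def get(self, issuer: str, now: datetime, dp: DistributionPoint) -> CRL:
        entry = self._entries.get(issuer)
        if entry is not None:
            fetched_at, crl = entry
            expired = now >= crl.next_update
            too_old = self.max_age is not None and (now - fetched_at) > self.max_age
            if not expired and not too_old:
                return crl
        crl = dp.fetch(now)
        self.fetches += 1
        self._entries[issuer] = (now, crl)
        return crl

    def purge(self) -> None:
        """Equivalent of deleting the temporary Internet files: forget every cached CRL."""
        self._entries.clear()


def is_revoked(cache: CRLCache, issuer: str, serial: int,
               now: datetime, dp: DistributionPoint) -> bool:
    crl = cache.get(issuer, now, dp)
    if crl.issuer != issuer or not (crl.this_update <= now < crl.next_update):
        # Fail closed: a CRL outside its validity window proves nothing about the serial.
        raise ValueError("no currently valid CRL for %s" % issuer)
    return serial in crl.revoked_serials


def scenario(max_age: Optional[timedelta]) -> Dict[str, bool]:
    """Constructed timeline: CRL #1 (7-day validity) is cached on day 0; serial 42 is
    revoked on day 1 and CRL #2 is published. Returns what the client believes each day."""
    t0 = datetime(2002, 1, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    ca = "CN=Example CA"  # constructed issuer name
    dp = DistributionPoint()
    dp.publish(CRL(ca, t0, t0 + 7 * day, frozenset()))
    dp.publish(CRL(ca, t0 + 1 * day, t0 + 8 * day, frozenset({42})))

    cache = CRLCache(max_age=max_age)
    result = {
        "day0": is_revoked(cache, ca, 42, t0, dp),
        "day2": is_revoked(cache, ca, 42, t0 + 2 * day, dp),
        "day7": is_revoked(cache, ca, 42, t0 + 7 * day, dp),  # CRL #1 has now expired
    }
    # Same policy, but the operator purged the cache on day 2 before the check.
    purged = CRLCache(max_age=max_age)
    is_revoked(purged, ca, 42, t0, dp)
    purged.purge()
    result["day2_after_purge"] = is_revoked(purged, ca, 42, t0 + 2 * day, dp)
    return result


if __name__ == "__main__":
    print("hold until nextUpdate:", scenario(None))
    print("one-hour freshness:   ", scenario(FRESHNESS_ONE_HOUR))
```

With the hold-until-expiry policy the client still reports serial 42 as good on day 2, a full day after its revocation, and only learns of it on day 7 when CRL #1 falls out of the cache; with the one-hour freshness bound, or after a purge, the day-2 check already sees CRL #2. That gap (up to the CRL's whole validity period) is the revocation latency the message is pointing at.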
