
Re: draft-ietf-pkix-dpv-dpd-req-00.txt & draft-ietf-pkix-dsv-req-00.txt



Denis,

I have three questions/comments regarding your DPV / DPD document:

- I would like to see the signature to be only optional in a DPV response.
You require the DPV response to be integrity protected. But you could
authenticate the server using other means, for example SSL server
authentication.

- A DPV or DPD request can only contain one certificate. Shouldn't it be
possible to include more than one certificate in a request?

- Why do I need the optional requestor name in the DPV request and
response? And why is this requestor name not included in the DPD protocol?

Bye - Petra

Denis Pinkas wrote:

> I have been asked by the co-chairs to prepare a requirements document for
> DPV/DPD. While doing that task, requirements slightly different have been
> identified for DSV. As a result of this request, you will find:
>
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-req-00.txt
>
> a document which describes a protocol for the validation of CERTIFICATES
> (and for the discovery of certification paths), and
>
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-dsv-req-00.txt
>
> a separate document which describes a protocol for the validation of
> DIGITAL SIGNATURES.
>
> Both documents, which share several common points, will be presented
> at the next IETF meeting.
>
> Denis