Folks:
I am looking at both the RFC and version 2 ID for OCSP. Each document contains statements that seem contradictory to me. This relates to the meaning of the nextUpdate field in the OCSP SingleResponse. In some places each document states that:
"If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time"
In other places each document states that:
"Responses where the nextUpdate value is not set are equivalent to a CRL with no time for nextUpdate"
Now, this appears contradictory to me since I do not interpret X.509 to imply that absence of the nextUpdate field in a CRL means near real-time CRL generation.
I assume that the above is an editorial oversight and the authors of both the RFC and ID mean that for OCSP, absence of nextUpdate means newer revocation information is available all the time.
Raccoon Eyes
Santosh Chokhani
CygnaCom Solutions, Inc.
7927 Jones Branch Drive, Suite 100 West
McLean, VA 22102
chokhani@xxxxxxxxxxxx
(703) 270-3520 (703) 848-0960 (fax)
www.cygnacom.com
Entrust CygnaCom
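
What the "newer revocation information is available all the time" reading means for a relying party's response cache, as an added example that is not part of the original message or of either OCSP document. The type name, the clock-skew allowance and the maximum age applied when nextUpdate is absent are assumed local policy, and the response is assumed to be signature-verified already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class SingleResponseTimes:
    """The two time fields of an OCSP SingleResponse (constructed type)."""
    this_update: datetime
    next_update: Optional[datetime]  # None models an absent nextUpdate


# Assumed local policy values, not taken from the RFC or the ID.
CLOCK_SKEW = timedelta(minutes=5)
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(hours=1)


def cache_decision(resp: SingleResponseTimes, now: datetime,
                   skew: timedelta = CLOCK_SKEW,
                   max_age: timedelta = MAX_AGE_WITHOUT_NEXT_UPDATE
                   ) -> Tuple[bool, Optional[datetime]]:
    """Return (usable_now, cache_until) for an already verified response."""
    if resp.this_update > now + skew:
        return (False, None)  # thisUpdate lies in the future: unreliable

    if resp.next_update is None:
        # Reading the message settles on: newer information is available
        # all the time, so the answer serves the current check only and is
        # never cached. With no nextUpdate nothing bounds the age of a
        # replayed response, hence the assumed max_age limit.
        if now - resp.this_update > max_age + skew:
            return (False, None)
        return (True, None)

    if resp.next_update < resp.this_update:
        return (False, None)  # malformed validity interval
    if resp.next_update + skew < now:
        return (False, None)  # past nextUpdate: stale
    return (True, resp.next_update)  # cacheable until nextUpdate


if __name__ == "__main__":
    now = datetime(2000, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed
    fresh = SingleResponseTimes(now - timedelta(minutes=1), None)
    print(cache_decision(fresh, now))
```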