
Re: OCSP RFC and OCSP version 2 ID



From the time of the first I-D for OCSPv1 up until close to RFC status,
CertCo was the third major entity in the OCSP arena. We were at least
partially fronting for the still-being-created Identrus, and we (CertCo
and the tech committee folks from the initial working groups) saw OCSP
as the keystone for its online trust services.

For what it's worth, the CertCo product used CRLs, but also had a "fast
track" interface for updating its internal database.  At the time, we
would often explain that CRL-only approaches were deficient to our
LDAP-based publication and CRL approach, since a CRL couldn't tell you
if a certificate was, in fact, never issued. :)

> Currently, VeriSign's current work in W3C also
> reflects a lot of the understanding on the required
> semantics of realtime trust models.

Hardly.  Much as I like XKMS (a co-worker is co-editor on the
requirements document), its approach to semantics is to sweep them under
the rug; post to the right URL and "just trust me."
	/r$
-- 
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com