
Re: I-D ACTION:draft-ietf-pkix-cvp-01.txt




I have issued a new version of CVP "Certificate Validation Protocol".


The previous version was only covering DPV requirements. This new version now includes DPD requirements and the possibility to list the policies that are supported by the server.

It is now believed that this draft fully conforms with the requirements present in RFC 3379.

Section 5 on page 7 provides an overall description of the structure of a DPV/DPD request, while page 8 provides an overall description of the structure of a DPV/DPD response.

In the meantime, I have been in touch with the SCVP co-authors and we have been exchanging a few e-mails.

One of the major concerns I have with SCVP is its "programming style" which makes use of OIDs nearly everywhere. Another issue is the use of CMS. SCVP makes use of CMS, while CVP makes use of the signed structure used by PKC and ACs. Using "Dump ASN.1" would allow one to easily debug CVP, but not SCVP. Besides these high-level issues, there are other issues, which are more important.

FYI, I have posted about 9 pages of comments on SCVP to the co-authors and
I have received a response from Russ, today. So, we are still discussing ...

Denis

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

Title : Certificate Validation Protocol
Author(s) : D. Pinkas
Filename : draft-ietf-pkix-cvp-01.txt
Pages : 29
Date : 2002-10-31

This document defines a protocol called Certificate Validation Protocol (CVP) that can be used to:
(1) query the validation or discovery policies supported by a CVP server,
(2) validate one or more public key certificates according to a single validation policy, or
(3) obtain one or more certification paths for one or more certificates according to a single discovery policy.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cvp-01.txt

To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-pkix-cvp-01.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt



Internet-Drafts can also be obtained by e-mail.


Send a message to:
	mailserv@xxxxxxxxx
In the body type:
	"FILE /internet-drafts/draft-ietf-pkix-cvp-01.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.