
OCSP value proposition




ok, i'm a RP sitting here with a credential that contains some certified
static, stale information .... that was designed to support an offline
paradigm.

The RP believes there is some business/value operation involved which has
some risk issues with the staleness of the information in the certificate.

An OCSP transaction provides the RP with some feeling as to the degree of
staleness .... in theory to better mitigate risks associated with the value
operation.

My assertions are

1) an online transaction can provide real-time, fresh, dynamic, and
aggregated information (which is a superset of the stale static information
contained in the certificate) for approximately the same cost as a
transaction about the staleness of the static certificate information.
furthermore nearly every business/value operation in existence has some
form of real-time, fresh, dynamic and aggregated information (for those
mired in certificate paradigm ... view the online, real-time response
containing this information as a one-time, immediately expiring
certificate).

2) the superset of the stale, static information with real-time, fresh,
dynamic, and aggregated information provides better quality risk management
than an opinion as to the staleness of the certificate static information
(at effectively the same cost).

3) given the same cost .... and greater value information for better risk
management .... the cost/benefit analysis would nearly always benefit the
real-time, fresh, dynamic aggregated response of an opinion about the
degree of static information staleness.

4) the real-time, fresh, dynamic and aggregated information potentially
provides the ability to piggy-back an actual business transaction as part
of the underlying online operation (for little or no additional cost) ....
this is the payment scenario.

5) the cost/benefit of risk management associated with real-time, fresh,
aggregated, and/or dynamic information may represent such a compelling business
justification that all operations become online. For an environment with all
online operations, using real-time, fresh, aggregated, and dynamic
information, then an offline certificate with static, stale information
(that is a subset of real-time, fresh, aggregated and dynamic information)
becomes totally redundant and superfluous. Certificates are at least
redundant and superfluous for those transactions involving real-time,
fresh, aggregated, and/or dynamic operations (if RP is getting the
real-time superset information ... then the stale, static, subset
information isn't needed).

So the question I believe was a value proposition for OCSP that

1) involves value that justifies having online, real-time infrastructure

2) doesn't involve payments or money (as per somebody else's earlier
posting since it has already been shown that money infrastructure does a
piggy-back transaction based on real-time, fresh, dynamic, and aggregated
information).

3) only requires an opinion as to the staleness of static information
(yes/no)

4) has no incremental business justification for real-time, fresh, dynamic
and/or aggregated information.

--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm