[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OCSP and LDAP
as been mentioned before ... it is relatively simple to see the information
in certificates as form of distributed read/only cache entries ... with
lots of similarities to cpu caches, database caches, filesystem caches,
distributed/network databases, distributed/network filesystems, etc.
the data in the certificates is stale by defintion ... if it wasn't ... it
wouldn't be necessary to have an OCSP that basically is asking if it is too
stale.
some ten plus years ago i was at a acm sigmod conference and asked somebody
what this x.500 stuff was ... and was told it is a bunch of networking
types trying to re-invent 1960s database technology.
random past refs:
http://www.garlic.com/~lynn/aadsmore.htm#time Certifiedtime.com
http://www.garlic.com/~lynn/aadsm5.htm#faith faith-based security and kinds
of trust
http://www.garlic.com/~lynn/aadsm8.htm#softpki19 DNSSEC (RE: Software for
PKI)
http://www.garlic.com/~lynn/aadsm12.htm#52 First Data Unit Says It's
Untangling Authentication
http://www.garlic.com/~lynn/aepay4.htm#visaset2 Visa Delicately Gives Hook
to SET Standard
http://www.garlic.com/~lynn/aepay6.htm#crlwork do CRL's actually work?
http://www.garlic.com/~lynn/aepay10.htm#77 Invisible Ink, E-signatures slow
to broadly catch on (addenda)
http://www.garlic.com/~lynn/2001d.html#7 Invalid certificate on 'security'
site.
http://www.garlic.com/~lynn/2001e.html#43 Can I create my own SSL key?
--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm