[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cached OCSP responses vs. single entry CRLs

To: "Carl Wallace" <cwallace@xxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: RE: Cached OCSP responses vs. single entry CRLs
From: "Michael Myers" <mmyers@xxxxxxxxx>
Date: Fri, 5 Dec 2003 15:28:11 -0700
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


> From: Carl Wallace
> Sent: Friday, December 05, 2003 2:09 PM
>
> Why use OCSP to convey pre-produced revocation
> information in the way that's being discussed?
> Why not use single entry CRLs?  The functionality
> is similar and they could be propagated using
> existing  technology (e.g. directories, 3280
> compliant path processing clients, etc.)



Carl,

Funny you should mention that.  The utility of CRL-based
approaches to the needs addressed by OCSP were amply debated in
the I-D phase of OCSP's development, principally between myself
and Carlisle Adams.  The turning point came when that dialog
yielded the notion of nonces in OCSP.

Mike

References:
- Cached OCSP responses vs. single entry CRLs
  - From: Carl Wallace

Prev by Date: RE: DISCUSS: MUST reject in OCSPv1
Next by Date: RE: Cached OCSP responses vs. single entry CRLs
Previous by thread: Cached OCSP responses vs. single entry CRLs
Next by thread: RE: Cached OCSP responses vs. single entry CRLs
Index(es):
- Date
- Thread