[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cached OCSP responses vs. single entry CRLs

To: "'Carl Wallace'" <cwallace@xxxxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: Cached OCSP responses vs. single entry CRLs
From: "Deacon, Alex" <alex@xxxxxxxxxxxx>
Date: Fri, 5 Dec 2003 16:04:46 -0800
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


We looked into this.  The problem is that client support for "crl
partitioning" (in this case a partition by individual serial number) is just
about non-existant. 

Alex

> -----Original Message-----
> From: Carl Wallace [mailto:cwallace@xxxxxxxxxxxx] 
> Sent: Friday, December 05, 2003 1:09 PM
> To: ietf-pkix@xxxxxxx
> Subject: Cached OCSP responses vs. single entry CRLs
> 
> 
> 
> Why use OCSP to convey pre-produced revocation information in 
> the way that's being discussed?  Why not use single entry 
> CRLs?  The functionality is similar and they could be 
> propagated using existing technology (e.g. directories, 3280 
> compliant path processing clients, etc.).
>

Follow-Ups:
- RE: Cached OCSP responses vs. single entry CRLs
  - From: Carl Wallace

Prev by Date: RE: DISCUSS: MUST reject in OCSPv1
Next by Date: Re: Cached OCSP responses vs. single entry CRLs
Previous by thread: RE: Cached OCSP responses vs. single entry CRLs
Next by thread: RE: Cached OCSP responses vs. single entry CRLs
Index(es):
- Date
- Thread