
RE: Cached OCSP responses vs. single entry CRLs




> From: David Engberg [mailto:dengberg@xxxxxxxxxxxxxx] 
> Subject: Re: Cached OCSP responses vs. single entry CRLs
> 
> In terms of how an implementation produces and distributes 
> pre-generated OCSP responses, there are a large number of mechanisms to do this 
> (pushing, pulling, rsync, fedex CD-ROMs, etc.).  None of these are 
> visible to the relying parties, so I don't think there needs 
> to be any mandatory implementation in an RFC.
> 

That it is not visible to relying parties does not necessarily remove a need
for standardization.  It's easy to see where non-standardization of the
means of replication would lock folks into a particular vendor's solution.
For what it's worth, I'm not lobbying for additional standardization efforts
in that area.  The point is that there exist today ample standards to deploy
a solution that is more or less functionally equivalent to "cached OCSP" or
"nonce not supported OCSP".