RE: Comments on [MANDATORY cert discovery capability]

On closer review, I confirmed that I like the document as it now stands.

There is the ability to use PKIX-CMP to distribute certificates, CRLs, etc.
to users upon initial registration. (For some set of users, it's easier to
get the signed certificate, the CA's current CRL, and other ancillary
information in a message - possibly contained on a floppy-disk for an
off-line CA - than to be told to get them from a repository.) There is no
need for this to be mandatory; I recognize that many CA providers will not
want to provide this service and I don't wish to require them to.

Additionally, I can use PKIX-CMP (vice PKIX-OPP) to distribute new CRLs on
occasions where a push is deemed necessary. The messages I need to do this
are all there in the protocol now. Again, there is no need for these
messages to be mandatory for PKIX conformance - not everybody wants to/has
to implement a similar service. All I ask is that somebody providing such a
service not be deemed non-conformant with PKIX.

Al Arsenault
- speaking only for myself