[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: OCSP Questions
>From: Rich Ankney[SMTP:email@example.com]
>Sent: Wednesday, November 12, 1997 3:39 PM
>To: Rob Zuccherato; firstname.lastname@example.org; 'email@example.com'
>Subject: Re: OCSP Questions
>> >5. Why not ASN.1? This is PKIX after all. Everything else was done
>> >here using ASN.1, so certainly any application using this service should
>> >be capable of handling it. This seems an odd choice.
>> HTTP Servers are forming an increasingly dominant component of the
>> technical infrastructure. It seems to me that a proposal that seeks to
>> establish server-type capabilities would do the Internet well by
>> this infrastructure. There exists commonly accepting mechanisms--and
>> widely available tools--for interfacing to HTTP servers. And while it is
>> the case that many PKI developments are ASN.1 fluent and equipped, there
>> are a substantial (and increasing) number to whom certificate parsing is
>> function call, not a T-L-V crawl.
>I agree with all (well, most) of Mike's comments. I'd be glad to work on
>version of OCSP, including extensibility as well as some of the other
>"CertCo features", with anyone who'd care to participate.
Does it make sense to start work on an ASN.1 version of OCSP when a
document exists which already has this (and also contains the other
"CertCo features" as I understand them)? Please see
http://www.entrust.com/downloads/notary.txt which has been submitted as
an independent Internet Draft. This draft now contains an explicit
service for notarizing certificates. The capability was always there,
we have just made it an explicit service in the updated draft.