Re: [IETF-PKIX] Revised OCSP Draft

[Robert Zuccherato <robert.zuccherato@xxxxxxxxxxx>]

Mike;

I have been out of town for the past week and so couldn't take part in
the lively discussion you have all been having.  I look forward to
seeing the new document and hope that the concerns that have been
mentioned here are addressed.  There is still (at least) one issue that
bothers me.

>----------
>From:  mmyers@VERISIGN.COM[SMTP:mmyers@VERISIGN.COM]
>Sent:  Friday, November 21, 1997 7:36 PM
>To:    IETF-PKIX@LISTS.TANDEM.COM
>Subject:       [IETF-PKIX] Revised OCSP Draft
>
>I left the abstraction of the trust model as it stands, although there's
>some need for refinement to further reduce complexity in the non-CA trust
>model.

I won't pass judgment until I see the document, but this concerns me.
As I stated before:

I think a lot of my difficulty with this document comes from the fact
that I don't really understand the model from which you are working and
it isn't really well defined in the document.  Perhaps this will become
more clear as the discussion continues.

I apologize if I missed something in the volume of email I worked
through today, but I don't think that this issue has adequately been
addressed.  A short description of the trust model would help to clarify
many of the problems that people have been having.  I think that we all
have different implementations of this service in mind when commenting
on your protocol.

        Robert Zuccherato



>