[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IETF-PKIX] OCSP using SSL/https

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: [IETF-PKIX] OCSP using SSL/https
From: Dan Laska <danl@xxxxxxxxxxxxxxxx>
Date: Wed, 3 Dec 1997 09:55:08 -0600
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

It seems that the main purpose of having signed responses in OCSP
is to authenticate the responder.

Would it be useful, and perhaps simplify things, to permit SSL/https
to be used in the protocol instead of requiring signed responses over
http?

I am assuming here that the responder is tightly coupled to the CA.
If the responder's site certificate is revoked then the responder
itself would have to get disabled or updated by the CA.

==========================================
Dan Laska
Frontier Technologies Corp.
Email: danl@frontiertech.com
==========================================

Follow-Ups:
- Re: [IETF-PKIX] OCSP using SSL/https
  - From: Patrick C. Richard

Prev by Date: Re: [IETF-PKIX] Question about SubjectAltNames
Next by Date: Re: [IETF-PKIX] OCSP v CRLs over HTTP
Previous by thread: [IETF-PKIX] OCSP v CRLs over HTTP
Next by thread: Re: [IETF-PKIX] OCSP using SSL/https
Index(es):
- Date
- Thread