[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IETF-PKIX] OCSP v CRLs over HTTP
Russ - By "the alternative" I take you to mean OCSP. The OCSP response
is signed by the CA's signature key. This provides authentication of
the responder's identity. Best regards. Tim.
>----------
>From: Russ Housley[SMTP:housley@SPYRUS.COM]
>Sent: Tuesday, December 02, 1997 11:43 AM
>To: IETF-PKIX@LISTS.TANDEM.COM
>Subject: Re: [IETF-PKIX] OCSP v CRLs over HTTP
>
>Tim:
>
>the digital signature on the CRL returned by HTTP or FTP provides teh
>authentication. How is comperable authentication provided in the
>alternative?
>
>Russ
>
--------------------------------------------------------------
Tim Moses, Entrust Technologies,
Tel: 613 247 3183,
email: tim.moses@entrust.com.