[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] OCSP at IETF

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] OCSP at IETF
From: Jeff Weinstein <jsw@xxxxxxxxxxxx>
Date: Fri, 17 Apr 1998 01:57:54 -0700
Approved-by: Jeff Weinstein <jsw@NETSCAPE.COM>
References: <>
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

I strongly agree with Stephen on this.  One great value that OCSP
services could add would be to provide historical as well as current
revocation information.

        --Jeff

Stephen Farrell wrote:
>
> Hi Mike,
>
> Not sure if this needs a change, but...
>
> Part 1 now has a time input to the cert validation
> algorithm (the time at which the cert should have been/be
> valid).
>
> If OCSP is to fit seamlessly into this algorithm then you'll
> need an extension to the request so that the response doesn't
> refer to the current time, but to the time which was input
> to the cert validation alg.
>
> Regards,
> Stephen.

Follow-Ups:
- Re: [IETF-PKIX] OCSP at IETF
  - From: Michael Myers
- Re: [IETF-PKIX] OCSP at IETF
  - From: Denis Pinkas

References:
- Re: [IETF-PKIX] OCSP at IETF
  - From: Stephen Farrell

Prev by Date: Re: [IETF-PKIX] Subject/Issuer Name Population
Next by Date: Re: [IETF-PKIX] Key Identifiers
Previous by thread: Re: [IETF-PKIX] OCSP at IETF
Next by thread: Re: [IETF-PKIX] OCSP at IETF
Index(es):
- Date
- Thread