Re: [IETF-PKIX] OCSP Status Information on a Certificate
At 08:48 AM 4/17/98 -0700, you wrote:
>And in the event a client receives {is revoked, not issued}, which
>dominates? Similarly, {not revoked, not issued}. I remain unconvinced this
>is no problem.
To the client, "not issued" is always more important than revoked or not
revoked. We can put that in the OCSP spec.
>As soon as OCSP clients are out there in any volume, there
>are those who will seek to determine the client's behavior in fringe cases.
I fully agree. That's why I don't think that issued/not issued should
be a MAY: I think it has to be a MUST. We can be sure that some clients
will blow the comparison unless they are always told whether or not the
cert was even issued.
--Paul Hoffman, Director
--Internet Mail Consortium