Re: RE: Security section of draft-ietf-pkix-opp-ftp-http
After talking to David Kemp, I'd like to propose an additional paragraph to
the one I had already proposed for the security section:

If a CA issues one or more CRLs before the nextUpdate time
of a previous CRL, a requestor has no way of ensuring that a CRL
received from that CA is the most current one available. Caching,
repository updating, and man-in-the-middle attacks may all result in
a valid but outdated CRL being accepted by the requestor without the
requestor knowing that a newer CRL is available.

--Paul Hoffman, Director
--Internet Mail Consortium
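
The situation the proposed paragraph describes, as an added example that is not part of the original message or the draft: a CRL superseded before its nextUpdate still passes the requestor's time check, and a local high-water mark on the cRLNumber extension only catches a replay of a CRL older than one the requestor has already seen. The `Crl` and `CrlCache` types, the cache design and all sample values are hypothetical and constructed here; signature verification is assumed to have succeeded already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Crl:
    """Constructed stand-in for a parsed, signature-verified CRL."""
    crl_number: int          # value of the cRLNumber extension
    this_update: datetime
    next_update: datetime
    revoked: frozenset       # revoked certificate serial numbers

def is_time_valid(crl, now):
    """The only freshness test the CRL itself supports."""
    return crl.this_update <= now < crl.next_update

class CrlCache:
    """Requestor-side cache with a high-water mark (assumed design)."""
    def __init__(self):
        self.latest = None

    def accept(self, crl, now):
        if not is_time_valid(crl, now):
            return "rejected: outside thisUpdate/nextUpdate"
        if self.latest and crl.crl_number < self.latest.crl_number:
            return "rejected: older than a CRL already seen"
        self.latest = crl
        return "accepted"

T0 = datetime(2024, 1, 1)
# Constructed sample data: CRL 1 is valid for 7 days; the CA issues CRL 2
# one day later (before CRL 1's nextUpdate) to revoke serial 0x1234.
CRL1 = Crl(1, T0, T0 + timedelta(days=7), frozenset())
CRL2 = Crl(2, T0 + timedelta(days=1), T0 + timedelta(days=8), frozenset({0x1234}))
NOW = T0 + timedelta(days=2)

def stale_then_fresh():
    """Requestor served the outdated CRL first: nothing flags it."""
    cache = CrlCache()
    first = cache.accept(CRL1, NOW)
    missed = 0x1234 not in cache.latest.revoked   # revocation not visible
    return first, missed, cache.accept(CRL2, NOW)

def fresh_then_stale():
    """Requestor that already holds CRL 2: a replay of CRL 1 is caught."""
    cache = CrlCache()
    return cache.accept(CRL2, NOW), cache.accept(CRL1, NOW)

if __name__ == "__main__":
    print(stale_then_fresh())
    print(fresh_then_stale())
```

The first case is the one the paragraph warns about: the requestor has no earlier state to compare against, so the outdated CRL is indistinguishable from the current one.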