
Re: Security section of draft-ietf-pkix-opp-ftp-http



Paul Hoffman / IMC wrote:
> 
> At 11:26 AM 4/21/98 +0300, Moshe Litvin wrote:
> >The problem you describe is inherent to CRL and not to the distribution
> >method.
> 
> I disagree. If I send a request to a CA for the latest CRL, and I might get
> an old response if I use HTTP but am sure to get a current response if I
> use FTP, then the problem is in the distribution method.
> 

But this can also happen with FTP and LDAP:

1. Someone can write the old CRL back in place of the newer CRL in the
LDAP directory or the FTP server.

2. The LDAP directory could be a replicating one and the replication
hasn't occurred yet.

Do you have some sort of CRL distribution method that is immune to this
problem?

Moshe

-- 
-----------------------------------------------------------------------
Moshe Litvin                    Check Point Software Technologies Ltd.

moshe@checkpoint.com            Tel:   +972-3-753-4601 (972-3-753-4555)
                                Fax:   +972-3-575-9256
-----------------------------------------------------------------------
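The exchange above turns on a point that is independent of the transport: an old CRL can reach the relying party through a stale HTTP cache, through an old file written back onto an FTP server, or through an LDAP replica that has not yet caught up. The defence that works in all three cases is a freshness and rollback check on the CRL itself. The following is an added example, not code from either correspondent or from the PKIX draft; it models only the CRL fields the check needs (thisUpdate, nextUpdate and the CRL Number extension from RFC 5280) as a plain dataclass, on the assumption that a real implementation obtains them from a DER parser, and the sample CRLs and clock value are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class CrlInfo:
    """The subset of CRL metadata a freshness check needs (fields after RFC 5280)."""
    issuer: str
    this_update: datetime   # thisUpdate: when the issuer produced this CRL
    next_update: datetime   # nextUpdate: the issuer promises a newer CRL by then
    crl_number: int         # CRL Number extension: increases with every new CRL


def evaluate_crl(candidate: CrlInfo,
                 cached: Optional[CrlInfo],
                 now: datetime,
                 max_skew: timedelta = timedelta(minutes=5)) -> Tuple[bool, str]:
    """Decide whether a freshly fetched CRL may replace the one already held.

    Returns (accepted, reason). The check is the same whatever channel
    delivered the CRL, which is why it catches an old CRL served from an
    HTTP cache, written back onto an FTP server, or read from a lagging
    LDAP replica alike.
    """
    if cached is not None and candidate.issuer != cached.issuer:
        return False, "issuer mismatch"
    # A thisUpdate in the future means a bad clock or a forged/misissued CRL.
    if candidate.this_update > now + max_skew:
        return False, "thisUpdate is in the future"
    # An expired CRL is the classic 'old copy' symptom the thread discusses.
    if candidate.next_update <= now:
        return False, "expired: nextUpdate has passed"
    if cached is not None:
        # Rollback protection: never step backwards in CRL Number.
        if candidate.crl_number < cached.crl_number:
            return False, "rollback: CRL Number lower than last seen"
        # Same number but different issue time is inconsistent issuer output.
        if (candidate.crl_number == cached.crl_number
                and candidate.this_update != cached.this_update):
            return False, "inconsistent: same CRL Number, different thisUpdate"
    return True, "fresh"


# Constructed sample data: a fixed clock and three CRLs from one issuer.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
ISSUER = "CN=Example CA"  # placeholder issuer name
CACHED = CrlInfo(ISSUER, NOW - timedelta(days=1), NOW + timedelta(days=6), crl_number=41)
NEWER = CrlInfo(ISSUER, NOW - timedelta(hours=1), NOW + timedelta(days=7), crl_number=42)
# An older CRL that was written back over the newer one (or served from a cache).
ROLLED_BACK = CrlInfo(ISSUER, NOW - timedelta(days=8), NOW - timedelta(days=1), crl_number=40)
# An older CRL whose validity window has not yet closed: still a rollback.
ROLLED_BACK_UNEXPIRED = CrlInfo(ISSUER, NOW - timedelta(days=2), NOW + timedelta(days=5), crl_number=40)


def run_scenarios(now: datetime = NOW) -> dict:
    """Run the constructed scenarios and return the decisions by name."""
    return {
        "newer": evaluate_crl(NEWER, CACHED, now),
        "rolled_back_expired": evaluate_crl(ROLLED_BACK, CACHED, now),
        "rolled_back_unexpired": evaluate_crl(ROLLED_BACK_UNEXPIRED, CACHED, now),
        "first_fetch": evaluate_crl(NEWER, None, now),
    }


if __name__ == "__main__":
    for name, (accepted, reason) in run_scenarios().items():
        print(f"{name:22s} accepted={accepted!s:5s} {reason}")
```

The nextUpdate test alone is not enough: an old CRL whose window has not yet closed (the `ROLLED_BACK_UNEXPIRED` case) passes it, which is why the relying party also has to remember the last CRL Number it accepted and refuse to go backwards. Cache-control headers on HTTP, file permissions on FTP, and replication settings on LDAP reduce how often a stale copy is delivered, but none of them lets the relying party skip this check.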