[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OCSP questions

To: ietf-pkix@xxxxxxx
Subject: OCSP questions
From: Tom Arnold <toma@xxxxxxxxxxxxxxx>
Date: Fri, 14 Aug 1998 14:44:14 -0700
Sender: owner-ietf-pkix@xxxxxxx

I realize that OCSP Draft 5 is getting ready for last call, but ...

My point-of-view on the proposed standard is from an on-line transaction
processing perspective where certificates are used to authenticate the
sender of a transaction. And, where on-line processing, means respond in a
few seconds or less...

Is it the intent for the thisUpdate field in section 2.4 to timestamp when
a specific certificate being checked was reported as revoked? My concern
being that we need to know the exact time that a certificate was reported
as revoked. 

To what extent will the timestamp field be certified by the OCSP responder?

The time fields being described as generalizedTime (ASN.1) is fine but I'd
like to see that further qualified that the generalizedTime MUST be recored
as UTC time (example: 19981106210627.3Z). 


Lastly, what is the chance of a OCSP sender placing some quality-of-service
requirement on the OCSP responder? This is to suggest that if I'm batch
checking a database of certificates, I don't care if the OCSP message is
resonded in several minutes. But if a high-value transaction is pending, I
would want a response time in the sub-seconds range. Thoughts?







Tom Arnold
VP of Engineering
CyberSource Corporation
toma@cybersource.com

Follow-Ups:
- Re: OCSP questions
  - From: Dan Weinstein

Prev by Date: RE: German Key Usage
Next by Date: Re: ldapv2-schema and CA Certificates
Previous by thread: Status of OCSP WG Last Call?
Next by thread: Re: OCSP questions
Index(es):
- Date
- Thread