Re: fast review of draft-ietf-pkix-ocsp-06.txt
> >
>
> I actually think OCVP is a bigger thing than just making the hash
> of the issuer's PUBLIC key NULL. That whole topic should be
> addressed at one shot
>
I am *not* really talking about OCVP, I am talking about 'CertID',
a short way to identify a certificate. The syntax
for the identification should be flexible enough:
- not to require more than the original certificate in
  order to construct the identification.
- to allow identification of a certificate in a given context
  ==> serial number for example and/or hash of cert
- to allow the OCSP provider to find the source of
  information provider.
  ==> name of issuer may be necessary, hash of issuer name
  may not be sufficient.
- to ensure that the creator of the certificate really has
  a copy of a cert.
  ==> hash of cert for example, or serial number if authority
  allocates them in a sparse way.
If we assume that the original version of OCSP, where it was
possible to just have a cert, did make sense, then I do not
see why there is a need for the issuer public key extract
in the certID. At least it should be optional in some way.
It seems useful to me to fix a syntax for CertID that
is sufficiently open for extensions without requiring
a new protocol version.
Peter
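As an added illustration of the point above (not code from this thread or from the PKIX draft), here is the CertID as it was eventually standardized in RFC 2560 computed by hand over a constructed test chain and cross-checked against the `cryptography` package's own OCSP request builder. It assumes that package is installed; note that issuerNameHash and serialNumber need only the subject certificate, while issuerKeyHash needs the issuer's certificate as well.

```python
import datetime
import hashlib
from cryptography import x509
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

def _der_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element at buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def cert_id(subject_cert, issuer_cert):
    """RFC 2560 4.1.1 CertID fields with SHA-1:
    issuerNameHash = H(DER of issuer Name) -- available from the subject cert alone;
    issuerKeyHash  = H(issuer subjectPublicKey BIT STRING value, unused-bits byte
                       excluded) -- requires the issuer's certificate;
    serialNumber   = the subject certificate's serial number."""
    name_hash = hashlib.sha1(subject_cert.issuer.public_bytes()).digest()
    spki = issuer_cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    _, seq, _ = _der_tlv(spki)                  # outer SEQUENCE of SubjectPublicKeyInfo
    _, _, after_alg = _der_tlv(seq)             # skip AlgorithmIdentifier
    _, bitstr, _ = _der_tlv(seq, after_alg)     # subjectPublicKey BIT STRING
    key_hash = hashlib.sha1(bitstr[1:]).digest()  # bitstr[0] is the unused-bits count
    return name_hash, key_hash, subject_cert.serial_number

def library_cert_id(subject_cert, issuer_cert):
    """Same three fields as produced by the library's OCSP request builder."""
    req = ocsp.OCSPRequestBuilder().add_certificate(
        subject_cert, issuer_cert, hashes.SHA1()).build()
    return req.issuer_name_hash, req.issuer_key_hash, req.serial_number

def make_test_chain():
    """Constructed test data: a self-signed CA and one leaf it issued (serial 0x1234)."""
    ca_key = rsa.generate_private_key(65537, 2048)
    leaf_key = rsa.generate_private_key(65537, 2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    leaf_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf.example")])
    start = datetime.datetime(2024, 1, 1)
    def build(subj, iss, key, signer, serial):
        return (x509.CertificateBuilder().subject_name(subj).issuer_name(iss)
                .public_key(key.public_key()).serial_number(serial)
                .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=365))
                .sign(signer, hashes.SHA256()))
    ca = build(ca_name, ca_name, ca_key, ca_key, 1)
    return ca, build(leaf_name, ca_name, leaf_key, ca_key, 0x1234)
```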