Re: fast review of draft-ietf-pkix-ocsp-06.txt
I support the suggestion from Denis.
I suggest that one adds an optional hash of the certificate.
It MAY be returned by the OCSP server, and it MAY be
requested by the OCSP server. One could use the now obsolete
error code certrequired (rename it certhashrequired).
Whenever a client actually has the cert, I would expect that
it always sets the certHash in the request; the OCSP server
may remove the certHash in the response if the certHash
value was not used for identification, e.g. when
only the serialNumber was used.

CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuer's public key
serialNumber CertificateSerialNumber,
certHash OCTET STRING OPTIONAL -- hash of the certificate
}
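An added example (not code from this thread or from the PKIX draft) modelling the behaviour proposed above: the client fills certHash whenever it holds the certificate, and the responder drops certHash from its CertID when the serialNumber alone identified the certificate, or answers with the renamed certHashRequired error when it needs the hash and the request lacks it. The issuer DN, issuer key and certificate bytes are constructed placeholders, and the duplicate-serial case is a constructed scenario to exercise the "hash was used for identification" branch.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class CertID:                       # the proposed CertID, with certHash OPTIONAL
    hashAlgorithm: str              # hashlib name, e.g. "sha1"
    issuerNameHash: bytes
    issuerKeyHash: bytes
    serialNumber: int
    certHash: Optional[bytes] = None

# Constructed sample data standing in for real DER (issuer DN, issuer SPKI, certs).
ISSUER_DN = b"constructed-issuer-dn"
ISSUER_KEY = b"constructed-issuer-public-key"
CERT_5 = b"constructed-certificate-serial-5"
CERT_7A = b"constructed-certificate-serial-7-variant-a"
CERT_7B = b"constructed-certificate-serial-7-variant-b"  # same serial, different bytes

def h(alg, data):
    return hashlib.new(alg, data).digest()

def client_cert_id(alg, serial, cert_der=None):
    """Client side: set certHash whenever the certificate itself is available."""
    return CertID(alg, h(alg, ISSUER_DN), h(alg, ISSUER_KEY), serial,
                  h(alg, cert_der) if cert_der is not None else None)

def responder(req, issued):
    """Responder side. `issued` maps serialNumber -> list of certificate DER blobs
    known under that serial (normally exactly one). Returns (status, CertID)."""
    cands = issued.get(req.serialNumber, [])
    if not cands:
        return "unknown", None
    if len(cands) == 1:
        # serialNumber alone identified the cert: certHash was not used, so the
        # responder omits it from the returned CertID, as the proposal allows.
        return "good", CertID(req.hashAlgorithm, req.issuerNameHash,
                              req.issuerKeyHash, req.serialNumber)
    if req.certHash is None:
        return "certHashRequired", None    # the renamed certRequired error code
    for cert_der in cands:
        if h(req.hashAlgorithm, cert_der) == req.certHash:
            return "good", req               # hash was used, so it is echoed back
    return "unknown", None

if __name__ == "__main__":
    issued = {5: [CERT_5], 7: [CERT_7A, CERT_7B]}
    print(responder(client_cert_id("sha1", 5, CERT_5), issued)[0])   # good
    print(responder(client_cert_id("sha1", 7), issued)[0])           # certHashRequired
```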