Re: fast review of draft-ietf-pkix-ocsp-06.txt
All,
The intent was to provide an alternative to CRLs. Following that model,
there's an underlying assumption that the end-entity is in possession of
the CA's certificate (as would be needed to validate the signature on a CRL.)
OCSP never had a requirement to validate an end-entity certificate in the
absence of the CA certificate at the requestor end. It's not just a
requirement on syntax at the request. This would also imply path
validation logic on the server. The consensus has been conclusively
established that full certificate validation is beyond the scope of this
protocol.
There's consequently no need to alter the request syntax.
Mike