
RE: OCSP - Public Key Distribution



Denis,
> something that is nontrivial.   And "Certificate Domain" is also missing.

???
Certificate Domain is some kind of indication of what kind of certificate(s)
you want to validate.  I.e. like SET-certificates, a National ID-card, OBI-trader etc.
This could be of interest in both the request and in the response.  I.e. a trusted OCSP
server may support overlapping or disjunct domains and a typical subscriber
may be interested in just one type.  To standardize this seems unnecessary
in the same sense as defining trust models in OCSP.  It is a *deployment* issue
like certificate policies and liabilities.

Other extensions, like certificate validation, might be considered
once OCSP is closed.

I assume that the "closing" of OCSP will be pretty theoretical when the definition
of extensions starts.  Already an IETF agenda item, it seems.

Regards
Anders