Re: Archive cutoff & Retention period

Denis,

At 10:03 AM 9/23/98 -0700, Denis Pinkas wrote:
>
>The "retention period" should be supported by all OCSP responders
>and thus should be part of the standard response. Adding a
>"retentionPeriod" after the "produceAt" from the ResponseData would
>be simpler than defining an extension.

We didn't want to break the response syntax, especially in light of the
fact that support for long term retention of status data is not a core
requirement.

>Then, let us address the « Archive Cutoff » issue.
>
>If we were to support the archiving capability, with e.g. a 7 year
>retention, we would need an additional time parameter in the request
>to point to the equivalent of the right CRL issued at that time e.g.
>7 years ago. This parameter is currently not present. Unless it is
>added, the function cannot work. We thus have two options : add the
>missing parameter or delete this capability. Opinions ?

As the public debate on this issue had concluded, the requirement is to
enable responders to assert a bound on the historical accuracy of their
responses. The archive cutoff extension satisfies this requirement. This
function speaks only to the most current status of the certificate, not to
its status at any point in time.

Mike