RE: New CMC Draft available - Confirmation Message
Hi Jim,
> ----------
> From: Jim Schaad (Exchange)[SMTP:jimsch@exchange.microsoft.com]
> Sent: Tuesday, April 13, 1999 3:01 PM
> To: 'walter@deh.de'; IETF-PKIX (E-mail)
> Subject: RE: New CMC Draft available - Confirmation Message
>
> Juergen,
>
> The problem that I have with this approach is that there is no way of
> knowing what the delay is going to be on the acceptance showing up at
> the CA. (Nor do all transport mechanisms guarantee delivery.) Thus a
> client can think it did accept a certificate and the CA can reach an
> opposite conclusion. If the client asks for revocation, it can later
> check to make sure that this operation occurred.
Note that if client acceptance is the trigger for CA publication of the
certificate, it is still the case that the client can later check to make
sure that its confirmation message was received (i.e., by looking wherever
certs get posted).

Uncertainties on the client end notwithstanding, Juergen makes a good point
(which I forgot to mention in my previous posting on CMC comments): some
environments require the CA to receive an explicit acceptance from the
client in order to treat the certificate as "ready for use" and to issue it
publicly. (This may be for legal, liability, or other reasons.) A
confirmation message is a useful way to satisfy that requirement within the
protocol.

Carlisle.