[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SCVP-01

To: ietf-pkix@xxxxxxx
Subject: RE: SCVP-01
From: Paul Hoffman / VPNC <paul.hoffman@xxxxxxxx>
Date: Wed, 25 Aug 1999 09:38:47 -0700
In-reply-to: <>

At 01:00 PM 8/24/1999 -0700, Don Schmidt (Exchange) wrote:

But most important, we do not agree with the fundamental justification for
SCVP.  The primary rationale provided in Oslo was that server-based
certificate validation is required by small devices which do NOT have
adequate processing and memory capabilities to locally validate certificate
chains, but DO have readily available network connections to offload this
work to a server.

As the -01 draft says very plainly, there are two broad uses for SCVP; you have named just one. The other, helping clients do their own validation, was heavily discussed in Oslo and made much more prominent throughout the -01 draft.

You may be right that no small Internet appliance will ever need a host to do its validation (although I question how any of us can predict the future desires and needs of Internet devices very well, given our abysmal past predictions). You will certainly be right if there is no standard way for these products to get the services they would need if they existed.

However, I'm quite skeptical of anyone who feels that a PKI user can always easily get all the needed chaining certificates and revocation information for path validation for all the partners whom they would want to authenticate. This will only work in a closed environment, probably with one root and path lengths of no more than 2 CAs, and clients that can use multiple retrieval protocols. Restricting PKI customers to this model doesn't serve their legitimate needs at all.

--Paul Hoffman, Director
--VPN Consortium

References:
- RE: SCVP-01
  - From: Don Schmidt (Exchange)

Prev by Date: Re: Options, was Re: To Be, or NR To Be ...
Next by Date: Re: multinational directories
Previous by thread: RE: SCVP-01
Next by thread: RE: SCVP-01
Index(es):
- Date
- Thread