RE: apologies and comments on SCVP
But a library will require that each client collect CRLs, that each
client be configured with the business/trust rules, etc. This sounds
like a significant systems administration problem.
> -----Original Message-----
> From: Mary_Ellen_Zurko@iris.com [SMTP:Mary_Ellen_Zurko@iris.com]
> Sent: Friday, August 27, 1999 9:55 PM
> To: Ambarish Malpani
> Cc: ietf-pkix@imc.org
> Subject: RE: apologies and comments on SCVP
>
> Hi Ambarish,
>
> > ClientType1 basically wants to be able to use public key
> > cryptography (and the PKIX infrastructure), without needing to
> > understand all of PKIX part1, OCSP, LDAP etc. It is outsourcing
> > the task of checking cert status, cert expiry, policy management
> > etc to the SCVP server. The main question ClientType1 is asking
> > is: "Hey, I got this cert, can I use it for application X?".
> > The minimal response the server needs to provide is a signed
> > yes/no. If you throw away all the extra stuff, you essentially
> > have the client sending in a cert and getting back a yes/no
> > answer.
>
> Why is the best answer to this need a protocol instead of a library?
> It seems if this is a technical need, you could craft a nice library
> with simple APIs to do this.
> Mez