[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS document status update

To: tls@xxxxxxxx
Subject: Re: [TLS] TLS document status update
From: Mike <mike-list@xxxxxxxxx>
Date: Tue, 29 Apr 2008 17:25:02 -0700
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <20080429202042.3E54E5081A@xxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <1696498986EFEC4D9153717DA325CB727BC503@xxxxxxxxxxxxxxxxxxxxxx> <48173B41.5000401@xxxxxxxxxxx> <20080429152618.B25AD5081A@xxxxxxxxxxxxxx> <48174BB8.7080009@xxxxxxxxx> <20080429202042.3E54E5081A@xxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

>> There is the problem of the client knowing when its certificate is
>> updated and that it should retrieve a new copy to recalculate the
>> hash.  It could keep track of its own validity period, but that
>> complicates things, and wouldn't work if the CA decides to reissue
>> a certificate early.
> 
> Polling occasionally hardly seems like an insuperable barrier.

Another problem is if the client merely polls the URL to obtain the
certificate to calculate the hash without verifying that the cert.
is correct.  And how can it know if the certificate is correct w/o
having its own copy?  This extension could just be a big can of
worms.

Mike
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS document status update
  - From: Eric Rescorla

References:
- [TLS] TLS document status update
  - From: Pasi.Eronen
- Re: [TLS] TLS document status update
  - From: Nelson B Bolyard
- Re: [TLS] TLS document status update
  - From: Eric Rescorla
- Re: [TLS] TLS document status update
  - From: Mike
- Re: [TLS] TLS document status update
  - From: Eric Rescorla

Prev by Date: Re: [TLS] TLS document status update
Next by Date: Re: [TLS] TLS document status update
Previous by thread: Re: [TLS] TLS document status update
Next by thread: Re: [TLS] TLS document status update
Index(es):
- Date
- Thread