Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

Stephen Kent <kent@bbn.com> Thu, 06 September 2007 14:12 UTC

Date: Thu, 06 Sep 2007 08:48:13 -0400
To: George Michaelson <ggm@apnic.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org>

At 4:49 PM +0530 9/6/07, George Michaelson wrote:
>...
>
>>  It is my experience that OCSP and CRLs work very well in the vast
>>  majority of cases I see.
>
>That's good to know. Because the SIDR WG is about testing assertions
>about the totality of the information in the repository, OCSP was not
>high on my radar. Access to CRLs, and efficient access to repositories
>is, and web or webdav, in allowing mechanisms like cache time controls,
>virtual hosting and streams of data, looked like a good long-term fit.

It's important to let folks in PKIX know that the SIDR context is not 
typical for PKIs. In the RPKI EVERY RP needs to verify EVERY cert and 
CRL (and other signed objects), in nominal operation. Thus an 
OCSP-style revocation status mechanism is inappropriate as it would 
generate tons of requests/responses.

Steve
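The scaling argument in Steve's reply (every RP validates every cert and CRL, so per-certificate OCSP exchanges multiply out across the whole object set and the whole RP population) can be made concrete with a small model. The following is an added example, not code from this thread or from any RPKI implementation: it constructs a toy CA hierarchy with assumed serial numbers, walks it as one relying party would, and counts network round-trips under a per-issuer CRL fetch versus a per-certificate OCSP exchange. The hierarchy shape, the revocation rule and the RP count are all assumptions chosen for illustration.

```python
"""Toy model of relying-party revocation-check load in an RPKI-style PKI.

Added example, not code from the mailing-list thread or from any RPKI
implementation. It builds a constructed CA hierarchy and counts how many
network round-trips ONE relying party (RP) needs to learn the revocation
status of EVERY certificate below the trust anchor, under two schemes:

  crl  - fetch each issuing CA's CRL once, then decide every certificate that
         CA issued by a local serial-number lookup;
  ocsp - one request/response per certificate checked.

Since in the RPKI every RP validates every object, fleet-wide load is the
per-RP figure multiplied by the number of RPs.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class CA:
    name: str
    ee_serials: List[int] = field(default_factory=list)          # EE certs this CA issued
    child_serials: Dict[str, int] = field(default_factory=dict)  # child CA name -> serial
    revoked: Set[int] = field(default_factory=set)               # serials on this CA's CRL
    children: List["CA"] = field(default_factory=list)


def build_hierarchy(depth: int, fanout: int, ees_per_ca: int,
                    revoke_every: int = 7) -> CA:
    """Construct a hierarchy `depth` levels deep (trust anchor = level 1).

    Every CA issues `ees_per_ca` end-entity certs; every EE serial divisible by
    `revoke_every` is placed on its issuer's CRL. Serials are assumed values.
    """
    counter = 0

    def make(name: str, level: int) -> CA:
        nonlocal counter
        ca = CA(name=name)
        for _ in range(ees_per_ca):
            counter += 1
            ca.ee_serials.append(counter)
            if counter % revoke_every == 0:
                ca.revoked.add(counter)
        if level < depth:
            for i in range(fanout):
                counter += 1
                serial = counter            # child CA cert serial, issued by `ca`
                child = make(f"{name}/{i}", level + 1)
                ca.children.append(child)
                ca.child_serials[child.name] = serial
        return ca

    return make("TA", 1)


def validate(root: CA, scheme: str) -> Tuple[int, int, int]:
    """Walk the hierarchy as one RP would.

    Returns (certs_checked, network_round_trips, revoked_certs_found).
    """
    checked = trips = revoked = 0

    def visit(ca: CA) -> None:
        nonlocal checked, trips, revoked
        serials = ca.ee_serials + list(ca.child_serials.values())
        if scheme == "crl":
            trips += 1                      # one CRL fetch for this issuer
            for s in serials:
                checked += 1
                if s in ca.revoked:         # local lookup against the fetched CRL
                    revoked += 1
        elif scheme == "ocsp":
            for s in serials:
                trips += 1                  # one OCSP exchange per certificate
                checked += 1
                if s in ca.revoked:         # responder's answer mirrors issuer data
                    revoked += 1
        else:
            raise ValueError(f"unknown scheme {scheme!r}")
        for child in ca.children:
            visit(child)

    visit(root)
    return checked, trips, revoked


def fleet_load(root: CA, relying_parties: int) -> Dict[str, int]:
    """Round-trips generated by `relying_parties` RPs each doing one full validation."""
    return {scheme: validate(root, scheme)[1] * relying_parties
            for scheme in ("crl", "ocsp")}


if __name__ == "__main__":
    tree = build_hierarchy(depth=3, fanout=3, ees_per_ca=20)
    for scheme in ("crl", "ocsp"):
        checked, trips, revoked = validate(tree, scheme)
        print(f"{scheme}: {checked} certs, {trips} round-trips, {revoked} revoked")
    print("1000 RPs:", fleet_load(tree, 1000))
```

With the assumed shape (13 CAs, 272 certificates) one RP needs 13 fetches under the CRL scheme and 272 exchanges under OCSP; both find the same revoked set. The CRL figure grows with the number of issuers, the OCSP figure with the number of certificates, and both are multiplied again by the RP population, which is the point of the reply above.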