RE: Online Certificate Revocation Protocol
Frank Balluffi <frankb@valicert.com> Fri, 08 June 2001 03:33 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA20757 for <pkix-archive@odin.ietf.org>; Thu, 7 Jun 2001 23:33:50 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.9.3/8.9.3) id UAA02094 for ietf-pkix-bks; Thu, 7 Jun 2001 20:02:44 -0700 (PDT)
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.9.3/8.9.3) with ESMTP id UAA02087 for <ietf-pkix@imc.org>; Thu, 7 Jun 2001 20:02:38 -0700 (PDT)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GEL00L01CH01D@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 7 Jun 2001 20:03:01 -0700 (PDT)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GEL00KH3CH05V@ext-mail.valicert.com>; Thu, 07 Jun 2001 20:03:00 -0700 (PDT)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <MDJS7JQ7>; Thu, 07 Jun 2001 19:59:47 -0700
Content-return: allowed
Date: Thu, 07 Jun 2001 19:59:41 -0700
From: Frank Balluffi <frankb@valicert.com>
Subject: RE: Online Certificate Revocation Protocol
To: 'Carlin Covey' <ccovey@cylink.com>, hansenw@ece.ubc.ca, madwolf@openca.org
Cc: ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E014BADB8@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="gb2312"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Yes. It sounds like a job for section 3.3.15 of http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt. Frank > -----Original Message----- > From: Carlin Covey [mailto:ccovey@cylink.com] > Sent: Thursday, June 07, 2001 9:18 PM > To: hansenw@ece.ubc.ca; madwolf@openca.org > Cc: ietf-pkix@imc.org > Subject: RE: Online Certificate Revocation Protocol > > > Massimiliano, > > If you are interested in a protocol that indicates whether a > certificate has been revoked, then the OCSP document that Hansen > referred you to is appropriate. You can get it at > http://www.ietf.org/rfc/rfc2560.txt) > > Version 2 of the OCSP protocol is described in an Internet Draft > available at > http://www.ietf.org/internet-drafts/draft-ietf-pkix-ocspv2-02.txt > > Simple Certificate Validation Protocol is another candidate. You > can get the latest version of this at > http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-05.txt > > But none of these allow a certificate to be revoked. I gather that > you are interested in a protocol for requesting revocation of > certificates. > Check out CMP, available at > http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt > > Regards, > > Carlin > > ____________________________ > > - Carlin Covey > Cylink Corporation > > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On > Behalf Of Hansen Wang > Sent: Thursday, June 07, 2001 5:36 PM > To: madwolf@openca.org > Cc: ietf-pkix@imc.org > Subject: Re: Online Certificate Revocation Protocol > > > Massimiliano Pala wrote: > > > > Hi all, > > > > I am in search of some help and suggestions about > certificate revocation. > The > > problem is that, as far as I know, no rfc covers a possible online > revocation > > protocol to be used to revoke a certificate. > > Isn't that what OCSP supposed to do? RFC 2560 > > 2560 X.509 Internet Public Key Infrastructure Online Certificate > Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, > C. Adams. June 1999. > > Also Certificate Revocation Status is also a per request - > per response > system. > > > > > > The model I am thinking of is request-response oriented > and, depending on > > the policy adopted by the corresponding CA, permits a > user/router/etc... > to > > ask for revocation of a certificate. This can help > environments where > > certificates from different vendors are used and we want to > be able to ask > > for revocation without having to follow different > procedures for different > > CSP -- additional steps could/shall, depending on the > policy adopted, > > be taken to accomplish the revocation process. > > > > Has my problem a solution yet ??? Or can I work on a proposal to be > > submitted for comments and reviews ??? > > - > Hansen Wang > <http://members.home.net/hansen.wang/ >
- RE: Online Certificate Revocation Protocol JANES, Mark
- Online Certificate Revocation Protocol Massimiliano Pala
- Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Hansen Wang
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Peter Williams
- RE: Online Certificate Revocation Protocol Frank Balluffi
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Nada Kapidzic Cicovic
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Housley, Russ
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Andrew W. Gray
- Re: Online Certificate Revocation Protocol Paul Hoffman / IMC
- Re: Online Certificate Revocation Protocol Hansen Wang
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Paul Gogarty
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Hansen Wang
- Online Certificate Revocation Protocol Mr Jonathan W Jenkyn
- Re: Online Certificate Revocation Protocol Hansen Wang
- Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Online Certificate Revocation Protocol Massimiliano Pala
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Paul Hoffman / IMC
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Bob Jueneman
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Carlin Covey
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Marc Branchaud
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- RE: Online Certificate Revocation Protocol Paul Gogarty
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Bob Jueneman
- RE: Online Certificate Revocation Protocol Scherling, Mark
- Re: Online Certificate Revocation Protocol Terry Hayes
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Carlin Covey
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Hal Lockhart
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol jim
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Liaquat Khan
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol jim
- RE: Online Certificate Revocation Protocol Luis Azevedo
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Liaquat Khan
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Nick Pope