[pkix] RFC 6960 section 4.2.2.2. question

Antanas Živatkauskas <Antanas.Zivatkauskas@gyvreg.lt> Fri, 13 February 2015 12:36 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/bh6AEV8lDKaLQoxdsCNA4a5pHOw>

Need help in interpreting the following statement in RFC 6960 section 4.2.2.2.  Authorized Responders:

“Systems relying on OCSP responses MUST recognize a
delegation certificate as being issued by the CA that issued the
certificate in question only if the delegation certificate and the
certificate being checked for revocation were signed by the same key.”

It is not really clear if it is a must for systems relying on OCSP responses to accept a delegation certificate in all cases as long as the CA uses “the same issuing key to issue a delegation certificate as that used to sign the certificate being checked for revocation”, so that the alternative option of providing “a means of locally configuring one or more OCSP signing authorities and specifying the set of CAs for which each signing authority is trusted” is irrelevant.

Is the word RECOGNIZE in the excerpt above interchangeable with the word ACCEPT?
If not, what is the meaning of RECOGNIZE, and what is the purpose of such recognition?



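The same-key condition in the quoted sentence, as an added example that is not part of the original message or of RFC 6960: it covers only the delegation path (id-kp-OCSPSigning plus the same issuing key), not local configuration, and shows that a matching issuer name alone is not enough. It assumes the Python `cryptography` package; all names, keys and certificates are constructed test data.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])

def issue(cn, subject_key, issuer_key, ocsp_signing=False):
    """Build a constructed test certificate issued under CA_NAME by issuer_key."""
    start = dt.datetime(2015, 2, 13)
    builder = (x509.CertificateBuilder()
               .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
               .issuer_name(CA_NAME)
               .public_key(subject_key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(start)
               .not_valid_after(start + dt.timedelta(days=30)))
    if ocsp_signing:  # id-kp-OCSPSigning marks a delegated responder certificate
        builder = builder.add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING]), critical=False)
    return builder.sign(issuer_key, hashes.SHA256())

def signed_by(cert, public_key):
    """True if cert's signature verifies under public_key (ECDSA keys only here)."""
    try:
        public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def has_ocsp_signing_eku(cert):
    """True if the certificate carries id-kp-OCSPSigning in an EKU extension."""
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return False
    return ExtendedKeyUsageOID.OCSP_SIGNING in eku

def recognized_as_delegate(responder, checked, ca_public_key):
    """Delegation path only: both certificates verify under the same CA key."""
    return (has_ocsp_signing_eku(responder) and signed_by(checked, ca_public_key)
            and signed_by(responder, ca_public_key))

# Constructed scenario: one CA name, two CA keys (for example after a key rollover).
old_ca, new_ca = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
leaf = issue("leaf", ec.generate_private_key(ec.SECP256R1()), old_ca)
good = issue("ocsp", ec.generate_private_key(ec.SECP256R1()), old_ca, ocsp_signing=True)
rolled = issue("ocsp", ec.generate_private_key(ec.SECP256R1()), new_ca, ocsp_signing=True)
plain = issue("ocsp", ec.generate_private_key(ec.SECP256R1()), old_ca)
```

Here `rolled` has the same issuer name as `leaf` but was signed by a different CA key, so it is not recognized as a delegate for `leaf`; `plain` fails because it lacks the EKU.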