Re: [pkix] Should a CRL be required for an OCSP service provider to assert status.

Stephen Kent <kent@bbn.com> Thu, 09 June 2016 15:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/d0UDX3KXsvwAnu8l1t06tNpQj3E>

Peter,

I think it's appropriate to cite X.509 text in response to Daniel's questions. However, EU legislation is not the same as ITU or IETF standards, and one should note that distinction, where appropriate. For example, I recall that PKIX did not endorse the notion of OCSP providing an indication of a cert as valid, vs. not revoked, when folks have posed that question in the past.

Steve