Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

Stephen Kent <kent@bbn.com> Mon, 10 September 2007 18:14 UTC

Message-Id: <p06240511c30b2a2eae3c@[128.89.89.71]>
In-Reply-To: <46E1B0B7.3080003@kent.ac.uk>
References: <OF3876B698.C80CC9A9-ONC125734F.002F7456@frcl.bull.fr> <46E1B0B7.3080003@kent.ac.uk>
Date: Mon, 10 Sep 2007 13:11:31 -0400
To: David Chadwick <d.w.chadwick@kent.ac.uk>
From: Stephen Kent <kent@bbn.com>
Subject: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org>

David,

I have to agree with those who have expressed some concerns about 
security aspects of cert revocation status under the WebDAV model.  I 
think it is a precept of current PKI models that we don't rely 
completely on the integrity of repositories.  That's why we post 
signed CRLs and why the v2 CRL has both this update and next update 
fields. We are always cognizant of the possibility that even with 
signed data, the data might not be fresh, and so we try to minimize 
the vulnerabilities associated with our reliance on repositories.

Steve
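
Added example, not part of the original message: a relying-party freshness check that uses the thisUpdate and nextUpdate fields mentioned above to limit what a repository can achieve by serving an old but validly signed CRL. The `CrlInfo` type, the `check_freshness` function, the clock-skew allowance and the sample dates are assumptions constructed for illustration; signature verification is assumed to have already succeeded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class CrlInfo:
    """Fields read from a CRL whose signature has already been verified."""
    issuer: str
    this_update: datetime
    next_update: datetime


def check_freshness(crl: CrlInfo, now: datetime,
                    last_accepted: Optional[CrlInfo] = None,
                    skew: timedelta = timedelta(minutes=5)) -> Tuple[bool, str]:
    """Decide whether a signed CRL fetched from an untrusted repository is usable."""
    if crl.next_update <= crl.this_update:
        return False, "malformed: nextUpdate is not after thisUpdate"
    if crl.this_update > now + skew:
        return False, "not yet valid: thisUpdate is in the future"
    if now > crl.next_update + skew:
        return False, "stale: nextUpdate has passed"
    # A repository can replay an older CRL that is still inside its window.
    # Remembering the newest CRL accepted per issuer detects that rollback.
    if (last_accepted is not None and last_accepted.issuer == crl.issuer
            and crl.this_update < last_accepted.this_update):
        return False, "rollback: older than a CRL already accepted"
    return True, "fresh"


# Constructed sample data: NEW supersedes OLD two days after OLD was issued.
DAY = timedelta(days=1)
T0 = datetime(2007, 9, 1, tzinfo=timezone.utc)
OLD = CrlInfo("CN=Example CA", T0, T0 + 7 * DAY)
NEW = CrlInfo("CN=Example CA", T0 + 2 * DAY, T0 + 9 * DAY)

if __name__ == "__main__":
    # A client that never saw NEW accepts the replayed OLD until nextUpdate:
    print(check_freshness(OLD, T0 + 4 * DAY))
    # A client that already accepted NEW rejects the replay:
    print(check_freshness(OLD, T0 + 4 * DAY, last_accepted=NEW))
    # After nextUpdate the replay fails for every client:
    print(check_freshness(OLD, T0 + 8 * DAY))
```

The first case shows the residual exposure: a client with no memory of a newer CRL accepts the replayed one, and only nextUpdate bounds how long that can last.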