Re: Online Certificate Revocation Protocol
Nada Kapidzic Cicovic <nada@entegrity.com> Fri, 08 June 2001 11:58 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id HAA10090 for <pkix-archive@odin.ietf.org>; Fri, 8 Jun 2001 07:58:08 -0400 (EDT)
Received: by above.proper.com (8.9.3/8.9.3) id EAA16016 for ietf-pkix-bks; Fri, 8 Jun 2001 04:27:11 -0700 (PDT)
Received: from exchsvr1.entegrity.com (exchsvr1.entegrity.com [207.215.19.3]) by above.proper.com (8.9.3/8.9.3) with ESMTP id EAA15996 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 04:27:05 -0700 (PDT)
Received: from cooper.entegrity.com (dave.entegrity.se [195.100.88.62]) by exchsvr1.entegrity.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id LCC39G32; Fri, 8 Jun 2001 04:28:48 -0700
Message-Id: <5.1.0.14.0.20010608131408.04479270@exchsvr1.entegrity.com>
X-Sender: nada@exchsvr1.entegrity.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 08 Jun 2001 13:21:07 +0200
To: madwolf@openca.org, ietf-pkix@imc.org
From: Nada Kapidzic Cicovic <nada@entegrity.com>
Subject: Re: Online Certificate Revocation Protocol
In-Reply-To: <3B209485.CD2CB49A@hackmasters.net>
References: <KHEDLMGGCCGHDAAKNAFOOEINCAAA.ccovey@cylink.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
At 11:01 AM 6/8/01 +0200, Massimiliano Pala wrote: >Carlin Covey wrote: > > > But none of these allow a certificate to be revoked. I gather that > > you are interested in a protocol for requesting revocation of certificates. > > Check out CMP, available at > > http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt > >This could be the case, anyway I was thinking of something more "robust" >and a little bit complex -- as request/response contents -- to prevent >unauthorized revoking requesting to prevent as much as possible DoS but >allowing for a simple revocation method. This could help environments where >legal issues are also covered -- govenment PKIs, Municipalities PKIs, >etc... This is exactly what CMP specifies. Many vendors already have support for CMP EE initiated certificate revocation. The interoperability of different implementations of CMP certificate revocation (among other things) has been conducted during PKI Forum and ICSA CMP interop testing quite successfully. Nada >The model I've been thinking of is mostly based on a structure very similar >to the model proposed in OCSP. The choosen transport mechanism could be >HTTP -- this could help browsers in adding the functionality and CSP to >implement the service. > >-- > >C'you, > > Massimiliano Pala > >--o------------------------------------------------------------------------- >Massimiliano Pala [OpenCA Project Manager] madwolf@openca.org > madwolf@hackmasters.net >http://www.openca.org Tel.: +39 (0)59 270 094 >http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 ______________________________________________________________ Nada Kapidzic Cicovic, Ph.D. Technical Director, Entegrity Solutions office: + 46 8 477 77 37, cell: + 46 70 495 09 03, fax: + 46 8 477 77 31
- RE: Online Certificate Revocation Protocol JANES, Mark
- Online Certificate Revocation Protocol Massimiliano Pala
- Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Hansen Wang
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Peter Williams
- RE: Online Certificate Revocation Protocol Frank Balluffi
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Nada Kapidzic Cicovic
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Housley, Russ
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Andrew W. Gray
- Re: Online Certificate Revocation Protocol Paul Hoffman / IMC
- Re: Online Certificate Revocation Protocol Hansen Wang
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Paul Gogarty
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Hansen Wang
- Online Certificate Revocation Protocol Mr Jonathan W Jenkyn
- Re: Online Certificate Revocation Protocol Hansen Wang
- Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Online Certificate Revocation Protocol Massimiliano Pala
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Paul Hoffman / IMC
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Peter Gutmann
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol Bob Jueneman
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Carlin Covey
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Marc Branchaud
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Marc Branchaud
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- RE: Online Certificate Revocation Protocol Paul Gogarty
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Carlin Covey
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Bob Jueneman
- RE: Online Certificate Revocation Protocol Scherling, Mark
- Re: Online Certificate Revocation Protocol Terry Hayes
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Carlin Covey
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Massimiliano Pala
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol jim
- Re: Online Certificate Revocation Protocol Lynn.Wheeler
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Hal Lockhart
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol jim
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Liaquat Khan
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- Re: Online Certificate Revocation Protocol Tony Bartoletti
- RE: Online Certificate Revocation Protocol Scherling, Mark
- RE: Online Certificate Revocation Protocol Santosh Chokhani
- RE: Online Certificate Revocation Protocol Tony Bartoletti
- Re: Online Certificate Revocation Protocol jim
- RE: Online Certificate Revocation Protocol Luis Azevedo
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Peter Gutmann
- RE: Online Certificate Revocation Protocol Liaquat Khan
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Denis Pinkas
- Re: Online Certificate Revocation Protocol Nick Pope