Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

mrex@sap.com (Martin Rex) Tue, 02 April 2013 16:51 UTC

In-Reply-To: <02dc01ce2fbf$e43a7b60$acaf7220$@ditenity.com>
To: Piyush Jain <piyush@ditenity.com>
Date: Tue, 02 Apr 2013 18:51:22 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130402165122.975FC1A689@ld9781.wdf.sap.corp>
From: mrex@sap.com
Cc: 'Stefan Santesson' <stefan@aaa-sec.com>, sts@aaa-sec.com, pkix@ietf.org
Subject: Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15
Precedence: list
Reply-To: mrex@sap.com

Piyush Jain wrote:
>  
> > Anyhow, I think that rfc2560bis can not (and should not) make suggestions
> > for specific values.  What values would your OCSP implementation use for
> > "good" or "unknown" responses for the same CA?  Those values look like
> > they might be from the right ballpark.
> 
> 2560-bis states that these values correspond to those in CRLs.
> Implementations that I know of set these values from the CRL for good
> responses and use current time for unknown responses.
> 
> This is how 2560 defines these fields
> - thisUpdate: The time at which the status being indicated is known  to be
> correct
>  - nextUpdate: The time at or before which newer information will be
> available about the status of the certificate
> 
> So for non-issued, thisUpdate should be start of CAs validity interval (all
> certs are revoked until they get issued) and nextUpdate should be current
> time (a certificate with that serial can be issued anytime). 

Fine with me.

What I meant (and failed to clarify) is that rfc2560bis should not define
special values for thisUpdate/nextUpdate that are specific to the
"not issued reported as revoked/certificateHold" situation.

-Martin

[pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
[pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
[pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Sean Turner
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson