IETF Logo Mail Archive

RE: Online Certificate Revocation Protocol

"Paul Gogarty" <p.gogarty@mail.com> Mon, 11 June 2001 16:53 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA14627 for <pkix-archive@odin.ietf.org>; Mon, 11 Jun 2001 12:53:19 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f5BG3vC07956 for ietf-pkix-bks; Mon, 11 Jun 2001 09:03:57 -0700 (PDT)
Received: from mail3.svr.pol.co.uk (mail3.svr.pol.co.uk [195.92.193.19]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f5BG3sJ07952 for <ietf-pkix@imc.org>; Mon, 11 Jun 2001 09:03:55 -0700 (PDT)
Received: from modem-753.owl.dialup.pol.co.uk ([62.137.102.241] helo=lasvegas) by mail3.svr.pol.co.uk with smtp (Exim 3.13 #0) id 159UAP-0003WR-00; Mon, 11 Jun 2001 17:03:49 +0100
From: Paul Gogarty <p.gogarty@mail.com>
To: madwolf@openca.org, ietf-pkix@imc.org
Subject: RE: Online Certificate Revocation Protocol
Date: Mon, 11 Jun 2001 17:08:05 +0100
Message-ID: <NFBBJAOOOMJKKHJADDNKOEDOCAAA.p.gogarty@mail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <3B209485.CD2CB49A@hackmasters.net>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
List-ID: <ietf-pkix.imc.org>
Content-Transfer-Encoding: 7bit

Massimiliano
 Correct me if I'm wrong but I assumed the shared secret in a RevRequest
(section 5.11 draft-ietf-pkix-rfc2510bis-04.txt) would provide a system to
reduce the risk of DoS.

	Paul Gogarty
	ASN.1 Developer

	De La Rue InterClear Ltd.
	De La Rue House
	Jays Close
	Viables
	Basingstoke
	England
	RG22 4BS

	Fax: +44 (0)1256 487755
	Tel: +44 (0)7879 458416
	mailto:paul.gogarty@interclear.co.uk

	http://www.interclear.co.uk/

-----Original Message-----
From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Massimiliano Pala
Sent: Friday, June 08, 2001 10:02 AM
To: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol


Carlin Covey wrote:

> But none of these allow a certificate to be revoked. I gather that
> you are interested in a protocol for requesting revocation of
certificates.
> Check out CMP, available at
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc2510bis-04.txt

This could be the case, anyway I was thinking of something more "robust"
and a little bit complex -- as request/response contents -- to prevent
unauthorized revoking requesting to prevent as much as possible DoS but
allowing for a simple revocation method. This could help environments where
legal issues are also covered -- govenment PKIs, Municipalities PKIs,
etc...

The model I've been thinking of is mostly based on a structure very similar
to the model proposed in OCSP. The choosen transport mechanism could be
HTTP -- this could help browsers in adding the functionality and CSP to
implement the service.

--

C'you,

	Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                madwolf@openca.org
                                                     madwolf@hackmasters.net
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365

v2.23.0 | Report a Bug | By Email