Re: Online Certificate Revocation Protocol

Marc Branchaud <marcnarc@rsasecurity.com> Sat, 09 June 2001 01:06 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id VAA22604 for <pkix-archive@odin.ietf.org>; Fri, 8 Jun 2001 21:06:49 -0400 (EDT)
Received: by above.proper.com (8.9.3/8.9.3) id RAA10792 for ietf-pkix-bks; Fri, 8 Jun 2001 17:30:57 -0700 (PDT)
Received: from nebula.x509.com (nebula.x509.com [199.175.150.19]) by above.proper.com (8.9.3/8.9.3) with ESMTP id RAA10787 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 17:30:52 -0700 (PDT)
Received: from crack.x509.com (mail.x509.com [199.175.150.1]) by nebula.x509.com (8.11.3/XCERT) with ESMTP id f590UNi01738 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 17:30:23 -0700 (PDT)
Received: from exvan01.x509.com (exvan01.x509.com [10.9.22.50]) by crack.x509.com (8.11.3/XCERT) with ESMTP id f590UNU15144 for <ietf-pkix@imc.org>; Fri, 8 Jun 2001 17:30:23 -0700 (PDT)
Received: from rsasecurity.com (eskarina.eng.x509.com [10.7.33.45]) by exvan01.x509.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id L2KCZ0T1; Fri, 8 Jun 2001 17:30:55 -0700
Message-ID: <3B216DFA.CBB10662@rsasecurity.com>
Date: Fri, 08 Jun 2001 17:29:46 -0700
From: Marc Branchaud <marcnarc@rsasecurity.com>
Organization: RSA Security
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.18 i686)
X-Accept-Language: en, fr
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol
References: <8D7EC1912E25D411A32100D0B76953978DF471@scygmxs01.cygnacom.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Santosh Chokhani wrote:
> 
> Destroying a private key used to generate signatures may cause some
> operational grief in terms of getting a new key certified, but there is no
> need for that key any more and hence no revocation is needed.
> 

Except that "destruction" is not necessarily irrecoverable.  I would always
revoke, as a general rule, especially for highly sensitive (e.g. CA) keys.

		Marc