Re: operational protocols
"Housley, Russ" <housley@spyrus.com> Mon, 07 April 1997 03:51 UTC
Date: Sun, 06 Apr 1997 19:42:41 -0000
From: "Housley, Russ" <housley@spyrus.com>
Message-Id: <9703068603.AA860380961@spysouth.spyrus.com>
To: ietf-pkix@tandem.com, Stefan.Hoeben@esat.kuleuven.ac.be
Subject: Re: operational protocols
Stef:

I do not see how the CIL can be usefully used as a certificate extension. Please provide a more detailed explanation.

Also, the CIL provides proof that the Directory should have had the certificate available, but it cannot do anything to force the Directory to provide it to the user.

Russ

______________________________ Reply Separator _________________________________
Subject: operational protocols
Author: Stef Hoeben <Stefan.Hoeben@esat.kuleuven.ac.be>
Date: 4/3/97 6:21 AM

Hello,

[some stuff deleted]

- A small remark about the security of LDAP: it is true that the messages don't need to be signed because the CA already signed the certs and CRL. BUT a nasty LDAPd could just answer on a request: 'I don't have that certificate or CRL' while he actually does have it.

Perhaps a way to solve this is a CIL or Certificate Issue List (it's in a paper by Silvio Micali, you can find a copy at http://www.esat.kuleuven.ac.be/~hoeben/micali.ps). In that list the CA just puts the serial numbers of the certs (eventually after removing some redundancy) and signs it. If there comes a request for a cert the CA didn't issue, the LDAPd just gives the CIL to prove he hasn't got the cert.

I guess this CIL is already possible in X.509 v3, with the aid of private extensions, isn't it?

Greetings,
Stef
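The client-side check implied by the exchange above, as an added example that is not part of either message: a relying party verifies the CA-signed CIL returned with a "not found" answer and tells a backed-up denial from a withheld certificate. The field names, the freshness cutoff and the toy unpadded RSA key are assumptions made so the code runs with the standard library; neither the thread nor this example defines the CIL encoding or signature scheme.

```python
import hashlib
import json

# Toy unpadded RSA over two Mersenne primes, used only so the example runs
# with the standard library. It is NOT secure; a real CA would use a proper
# signature scheme, which the thread does not specify.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (constructed demo key)


def _digest(serials, issued_at):
    # Canonical encoding of the list body; this field layout is an assumption.
    body = json.dumps({"issued_at": issued_at, "serials": sorted(serials)})
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N


def ca_sign_cil(serials, issued_at):
    """CA side: sign the serial numbers of every certificate it has issued."""
    return {"serials": sorted(serials), "issued_at": issued_at,
            "sig": pow(_digest(serials, issued_at), D, N)}


def check_not_found(cil, serial, oldest_acceptable):
    """Client side: evaluate a directory's 'I don't have it' answer."""
    if cil is None:
        return "unproven"        # bare denial, nothing to verify
    if pow(cil["sig"], E, N) != _digest(cil["serials"], cil["issued_at"]):
        return "bad-signature"   # list altered or not signed by the CA
    if cil["issued_at"] < oldest_acceptable:
        return "stale"           # assumption: an old list cannot cover new certs
    if serial in cil["serials"]:
        return "withheld"        # CA issued it, so the directory's denial is false
    return "never-issued"        # denial is backed by the CA's own list
```

A "withheld" result is evidence of directory misbehaviour only; as the reply notes, it does not get the certificate delivered.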