[145472] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Jul 28 13:20:44 2010
Date: Wed, 28 Jul 2010 12:39:12 -0400
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, ben@links.org,
cryptography@metzdowd.com, perry@piermont.com
In-Reply-To: <20100728160229.GU566@oracle.com>
On 07/28/2010 12:02 PM, Nicolas Williams wrote:
> Sorry, but this is wrong. The OCSP protocol itself really is an online
> certificate status protocol. Responder implementations may well be
> based on checking CRLs, but they aren't required to be.
>
> Don't be confused by the fact that OCSP borrows some elements from CRLs.
my OCSP analogy was turning authentication into an end in itself ... basically a new kind of retail store ... instead of a retail store that sells some product ... you go in and buy something ... doing a real-time payment transaction; ... there is an authentication store ... convince everybody that they need to walk into their (OCSP) authentication retail store at least once a day to perform an authentication operation (for no other reason than that people should get a lot of comfort out of being authenticated at least once a day or more if necessary) ... totally divorced and unrelated to any actual business purpose.
--
virtualization experience starting Jan1968, online at home since Mar1970