[6734] in cryptography@c2.net mail archive


RE: X.BlaBla in PGP??? BWAHAHAHAHAHA!!!!

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Mon Mar 6 21:19:27 2000

From: "Phillip Hallam-Baker" <hallam@ai.mit.edu>
To: <pgut001@cs.auckland.ac.nz>, <esj@harvee.billerica.ma.us>
Cc: <cryptography@c2.net>, <cypherpunks@cyberpass.net>, <dcsb@ai.mit.edu>,
        <rah@shipwright.com>
Date: Mon, 6 Mar 2000 20:51:21 -0500
MIME-Version: 1.0
Message-ID: <NDBBJIKJCLIJGNPNDOCKIEOMCEAA.hallam@ai.mit.edu>
Content-Type: multipart/signed;
	boundary="----=_NextPart_000_000F_01BF879D.407CD000";
	protocol="application/x-pkcs7-signature";
	micalg=SHA1
In-Reply-To: <95236624501097@kahu.cs.auckland.ac.nz>

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01BF879D.407CD000
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

>Technically speaking it's not really supported by X.509 either because CRL's
>don't really work (see for example the FC'99 proceedings for more details on
>this, along with suggestions on how to fix it).

I think you are probably referring to Ron's paper in FC'98. I presented an
alternative and somewhat radical architecture at RSA'99 which demonstrated
that it was practical to distribute revocation info in real time for a
population of 5 billion certs.

There is also the IETF work by Mike Myers and myself on OCSP and OCSP-X
respectively.


> This isn't a problem with Outlook or MS (for once :-) but a
>problem with the whole CRL concept.

Agreed, I see CRLs as a draft architecture that was good enough for circa
1990 but not so hot come deployment a decade later. But it is quite possible
to provide a workable solution in context.


> An option which I like (because
>it's efficient and fast) is to have a BIND-style daemon which snarfs CRL's
>from wherever[0] every now and then and answers validity check queries very
>quickly (millisecond response time, so the user won't even notice it's
>happened).  I hope to have a paper on this out RSN.

I will send you the paper I wrote for RSA '99. I describe precisely that type
of architecture. The argument I make is that we should migrate to that type
of architecture in the long term. OCSP provides a very useful staging
ground.


		Phill

------=_NextPart_000_000F_01BF879D.407CD000
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"


------=_NextPart_000_000F_01BF879D.407CD000--
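
The lookup side of the CRL-caching daemon discussed in this message, as an added example that is not part of the original post or of either author's paper. CRL fetching, parsing and signature verification are assumed to happen upstream; `CrlSnapshot`, `RevocationCache` and the sample issuer and serial numbers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"

@dataclass(frozen=True)
class CrlSnapshot:
    # A CRL that has already been parsed and signature-checked (assumed done upstream).
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

class RevocationCache:
    """Newest CRL per issuer; a query is one dict lookup plus one set lookup."""
    def __init__(self):
        self._by_issuer = {}

    def ingest(self, crl):
        # Called by the periodic fetcher; refuses to roll back to an older list.
        held = self._by_issuer.get(crl.issuer)
        if held is not None and crl.this_update <= held.this_update:
            return False
        self._by_issuer[crl.issuer] = crl
        return True

    def check(self, issuer, serial, now):
        crl = self._by_issuer.get(issuer)
        if crl is None or now >= crl.next_update:
            return UNKNOWN  # never answer GOOD from missing or expired data
        return REVOKED if serial in crl.revoked_serials else GOOD

# Constructed sample data, not from any real CA.
T0 = datetime(2000, 3, 6, tzinfo=timezone.utc)
ISSUER = "CN=Example Test CA"

def demo():
    cache = RevocationCache()
    cache.ingest(CrlSnapshot(ISSUER, T0, T0 + timedelta(days=1), frozenset({0x1001})))
    cache.ingest(CrlSnapshot(ISSUER, T0 + timedelta(hours=6),
                             T0 + timedelta(days=1, hours=6), frozenset({0x1001, 0x1002})))
    now = T0 + timedelta(hours=7)
    return [cache.check(ISSUER, 0x1002, now),                      # on the newer list
            cache.check(ISSUER, 0x2000, now),                      # not listed
            cache.check(ISSUER, 0x2000, T0 + timedelta(days=3)),   # held CRL expired
            cache.check("CN=Other CA", 0x2000, now)]               # no CRL held

if __name__ == "__main__":
    print(demo())
```

The `UNKNOWN` result leaves the fail-open or fail-closed decision to the relying party instead of reporting a certificate as good on the strength of a list that has passed its `next_update`.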


