
Re: [Ipsec] RE: OCSP in IKEv2



On Wed, Aug 11, 2004 at 03:16:31PM -0700, Paul Hoffman / VPNC wrote:
> At 4:49 PM -0400 8/11/04, Bill Sommerfeld wrote:
> >I can see two obvious use cases for tunneling OCSP through IKE:

"tunnelling" is confusing here as only OCSP responses would be
exchanged, not requests.

> Um, the proposal has nothing to do with tunneling OCSP through IKE: 
> it covers how to pass OCSP responses from one peer to another. Thus, 
> in order for this proposal to be useful, the replying party has to 
> have a fresh OCSP response about itself to hand to the querying party.

Bingo.  And that is where the payoff is as this proposal maximizes the
use of cached OCSP requests because the user of a cert, not its peers,
is the one that gets the OCSP responses for its cert.

Cheers,

Nico
-- 

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec