
Re: bootstrap of key-centric binding of person to key



At 5:50 PM 3/4/96 -0500, Carl Ellison wrote:
>At 15:25 3/4/96, Bill Frantz wrote:
>
>>I would like to further divide the CRL cases into what I will call the
>>"Pure Capability" CRLs and the "Revocation Authority" CRLs.  The difference
>>is who you have to communicate with to check for Certificate Revocation.
>>In the Pure Capability case, the only communication is with that entity
>>which implements the authority.  In the Revocation Authority case, there is
>>separate communication with some Revocation Authority.
>
>[...]
>
>>Does this model resonate with anyone?  Is it interesting enough that I
>>should continue to suggest ways of using it?  Or should I just drop it?
>
>Does this differ from assigning one URL for getting certs renewed and a
>[potentially] different URL for checking CRLs?

I don't think it differs, although in some cases, there might be no URL for
checking for CRLs since the certificate would be checked by the same
software that provided access.  e.g. Only entities holding the private keys
corresponding to one of the keys on this list of public keys may ...

Let 1,000,000 Revocation Authorities (and Renewal Authorities) bloom.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
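The two revocation models Bill distinguishes above, as an added example that is not part of the original post or any code of the list's participants. In the "Pure Capability" half the resource server itself holds the list of authorised public keys, so a request is checked and "revoked" by talking to one party only; in the "Revocation Authority" half a certificate binds a key to a serial under a CA signature and the verifier must separately fetch and verify a CRL from a second signer. Ed25519, the serial-number format, the CA/RA key split and the request bytes are all my assumptions for illustration; the verifier fails closed when the CRL does not carry the expected RA signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

// ---- Pure Capability model -------------------------------------------------
// The server that grants access owns the list of keys.  Checking a request and
// checking for revocation are one operation against one party; deleting a key
// from the list IS the revocation, and no CRL URL exists.
type AccessList struct{ allowed map[[32]byte]bool }

func keyID(k ed25519.PublicKey) [32]byte {
	var id [32]byte
	copy(id[:], k)
	return id
}

func NewAccessList(keys ...ed25519.PublicKey) *AccessList {
	al := &AccessList{allowed: map[[32]byte]bool{}}
	for _, k := range keys {
		al.allowed[keyID(k)] = true
	}
	return al
}

// Revoke drops the key; nobody else has to be told.
func (al *AccessList) Revoke(k ed25519.PublicKey) { delete(al.allowed, keyID(k)) }

// Authorize admits a request only if it is signed by a key still on the list.
func (al *AccessList) Authorize(k ed25519.PublicKey, req, sig []byte) bool {
	return al.allowed[keyID(k)] && ed25519.Verify(k, req, sig)
}

// ---- Revocation Authority model --------------------------------------------
// A CA binds (serial, key); a separate revocation authority publishes a signed
// list of serials.  The verifier has to consult both.  (Assumed formats.)
type Cert struct {
	Serial uint64
	Key    ed25519.PublicKey
	Sig    []byte // CA signature over Serial || Key
}

func certBytes(serial uint64, key ed25519.PublicKey) []byte {
	b := make([]byte, 8, 8+len(key))
	binary.BigEndian.PutUint64(b, serial)
	return append(b, key...)
}

func Issue(ca ed25519.PrivateKey, serial uint64, key ed25519.PublicKey) Cert {
	return Cert{Serial: serial, Key: key, Sig: ed25519.Sign(ca, certBytes(serial, key))}
}

type CRL struct {
	Serials []uint64 // sorted ascending so the signed encoding is canonical
	Sig     []byte   // revocation authority signature over the encoding
}

func crlBytes(serials []uint64) []byte {
	b := make([]byte, 0, 8*len(serials))
	var tmp [8]byte
	for _, s := range serials {
		binary.BigEndian.PutUint64(tmp[:], s)
		b = append(b, tmp[:]...)
	}
	return b
}

func IssueCRL(ra ed25519.PrivateKey, revoked []uint64) CRL {
	s := append([]uint64(nil), revoked...)
	sort.Slice(s, func(i, j int) bool { return s[i] < s[j] })
	return CRL{Serials: s, Sig: ed25519.Sign(ra, crlBytes(s))}
}

// VerifyWithCRL checks the CA binding, then the RA's CRL, then the request.
// The CRL check is the "separate communication" of the model: a missing,
// tampered or wrongly-signed CRL is treated as revoked (fail closed).
func VerifyWithCRL(ca, ra ed25519.PublicKey, c Cert, crl CRL, req, sig []byte) bool {
	if !ed25519.Verify(ca, certBytes(c.Serial, c.Key), c.Sig) {
		return false
	}
	if !ed25519.Verify(ra, crlBytes(crl.Serials), crl.Sig) {
		return false
	}
	for _, s := range crl.Serials {
		if s == c.Serial {
			return false
		}
	}
	return ed25519.Verify(c.Key, req, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	req := []byte("GET /secret") // constructed request
	sig := ed25519.Sign(priv, req)

	al := NewAccessList(pub)
	fmt.Println("capability, listed:", al.Authorize(pub, req, sig))
	al.Revoke(pub)
	fmt.Println("capability, revoked:", al.Authorize(pub, req, sig))

	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	raPub, raPriv, _ := ed25519.GenerateKey(rand.Reader)
	c := Issue(caPriv, 42, pub)
	fmt.Println("CRL model, clean CRL:", VerifyWithCRL(caPub, raPub, c, IssueCRL(raPriv, nil), req, sig))
	fmt.Println("CRL model, serial revoked:", VerifyWithCRL(caPub, raPub, c, IssueCRL(raPriv, []uint64{42}), req, sig))
}
```

The point the code makes concrete: in the access-list half there is no second trust root and nothing to fetch, so the only thing that can be stale is the list itself; in the CRL half the verifier must trust the RA key, obtain a fresh CRL and refuse to proceed without one, which is exactly the extra round trip and extra key the "Revocation Authority" case adds.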