[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Cancellation Notice

To: frantz@netcom.com, rivest@theory.lcs.mit.edu
Subject: Re: Certificate Cancellation Notice
From: "Brian M. Thomas" <bt0008@entropy.sbc.com>
Date: Thu, 3 Apr 1997 10:29:37 -0600 (CST)
Cc: spki@c2.net, blampson@microsoft.com
Sender: owner-spki@c2.net



I may be missing the point, but if the purpose of a CCN is to tell a
certificate server not to issue a cert, destroy its copy, etc., its
usefulness is limited.  Once the certificate is issued and anyone else
has a copy, it really doesn't matter who doesn't have one, unless the
verifier's protocol doesn't accept certs from the supplicant but only
from a real-time server.  This seems to me to require more stringent
protocols even than CRLs.

I'm sure I am missing the point.  Somebody hit me with a clue.

brian


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162

Prev by Date: Re: majordomo information
Next by Date: Certificate Cancellation Notices (CCN)
Prev by thread: Certificate Cancellation Notice
Next by thread: Global name spaces for tags
Index(es):
- Main
- Thread