[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Cancellation Notices (CCN)

To: Steven Bellovin <smb@research.att.com>
Subject: Re: Certificate Cancellation Notices (CCN)
From: Carl Ellison <cme@cybercash.com>
Date: Sat, 05 Apr 1997 15:26:43 -0500
Cc: rivest@theory.lcs.mit.edu (Ron Rivest), spki@c2.net, blampson@microsoft.com
In-Reply-To: <199704052011.PAA03307@raptor.research.att.com>
Sender: owner-spki@c2.net

At 03:11 PM 4/5/97 -0500, Steven Bellovin wrote:
>The point of CRLs is to avoid the need for online services.  It's not so
>much the replication of the database that concerns me; rather, it's the
>requirement that all possible acceptors of certificates be online to do
>any processing whatsoever.

We already have an even simpler mechanism for processing certificates
offline -- certificates with no online tests and no CRLs -- just their
own validity intervals.

Offline CRLs don't magically make offline certs suddenly any more precise
than certs alone whose dates are the intersection of the cert plus CRL.

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: Certificate Cancellation Notices (CCN)

From: Marc Branchaud <marcnarc@zoo.net>

References:

Re: Certificate Cancellation Notices (CCN)

From: Steven Bellovin <smb@research.att.com>

Prev by Date: "KeyNote" -- how to describe cryptographic keys.
Next by Date: Re: Multi-Tag-Cert Tag Creation and Validation
Prev by thread: Re: Certificate Cancellation Notices (CCN)
Next by thread: Re: Certificate Cancellation Notices (CCN)
Index(es):
- Main
- Thread