[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [pkix] OCSP and Privacy Issues

From: Massimiliano Pala <Massimiliano.Pala at Dartmouth.edu>
To: pkix at ietf.org
Date: Mon, 16 Nov 2009 12:38:03 -0500
In-reply-to: <4B0186F4.2050806 at drh-consultancy.demon.co.uk>
References: <01cf01ca6292$d31079a0$79316ce0$ at com> <p06240802c724e437d065 at [10.11.1.91]> <4B018715.2060401 at Dartmouth.edu> <4B0186F4.2050806 at drh-consultancy.demon.co.uk>
List-id: PKIX Working Group <pkix.ietf.org>

Hi Stephen,

true. But there might be issues with handling the trust anchors when the service
is outsourced, behind a load balancing server, or simply when the https cert is
not the same as the ocsp one (how to verify that one via the ocsp ?). As a
result, AFAIK, many current OCSP servers are over HTTP, not HTTPS (just checking
the URLs embedded in certificates...)

HTTPS is a good point.. but currently under-deployed.. that's why I am rising
the point...

Later,
Max

On 11/16/2009 12:08 PM, Dr Stephen Henson wrote:

Would've thought an https URL for the responder would be a simpler way.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: [pkix] OCSP and Privacy Issues
  - From: Stephen Kent
- Re: [pkix] OCSP and Privacy Issues
  - From: Yngve Nysaeter Pettersen

References:
- [pkix] Comments on draft-ietf-pkix-ocspagility-03.txt
  - From: Jim Schaad
- Re: [pkix] Comments on draft-ietf-pkix-ocspagility-03.txt
  - From: Stephen Kent
- [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala
- Re: [pkix] OCSP and Privacy Issues
  - From: Dr Stephen Henson

Prev by Date: Re: [pkix] OCSP and Privacy Issues
Next by Date: Re: [pkix] OCSP and Privacy Issues
Previous by thread: Re: [pkix] OCSP and Privacy Issues
Next by thread: Re: [pkix] OCSP and Privacy Issues
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.