[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [pkix] OCSP and Privacy Issues

From: Stephen Kent <kent at bbn.com>
To: openca at acm.org
Cc: pkix at ietf.org
Date: Fri, 20 Nov 2009 16:50:08 -0500
In-reply-to: <4B02DE75.60909 at Dartmouth.edu>
References: <01cf01ca6292$d31079a0$79316ce0$ at com><p06240802c724e437d065 at [10.11.1.91]> <4B018715.2060401 at Dartmouth.edu><4B0186F4.2050806 at drh-consultancy.demon.co .uk><4B018DFB.5020607 at Dartmouth.edu><op.u3h0yzwevqd7e2 at killashandra.oslo.o sa> <86112D3D-9E0C-4703-AFCC-A8873B74017B at mitre.org> <FAD1CF17F2A45B43ADE04E140BA83D48E0E1C8 at scygexch1.cygnacom.com> <4B02C3CB.90703 at Dartmouth.edu> <01e201ca67a4$3532ce60$9f986b20$ at khan@ascertia.com> <4B02DE75.60909 at Dartmouth.edu>
List-id: PKIX Working Group <pkix.ietf.org>

Max,

I could imagine a brief document that suggests that a client whowishes to obscure the ID of the cert of interest can make requestsfor multiple certs,

or that the client just use CRLs.  I do worry that a client might not know

valid serial numbers for other certs from the CA in question and, asa result, might have a hard time producing queries that wereconsistent i this regard.


In any case, I am not enthusiastic about any changes to the base protocol,

as opposed to guidance on how to use the protocol in a moreprivacy-preserving fashion.


Steve

Follow-Ups:
- Re: [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala

References:
- [pkix] Comments on draft-ietf-pkix-ocspagility-03.txt
  - From: Jim Schaad
- Re: [pkix] Comments on draft-ietf-pkix-ocspagility-03.txt
  - From: Stephen Kent
- [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala
- Re: [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala
- Re: [pkix] OCSP and Privacy Issues
  - From: Miller, Timothy J.
- Re: [pkix] OCSP and Privacy Issues
  - From: Carl Wallace
- Re: [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala
- Re: [pkix] OCSP and Privacy Issues
  - From: Liaquat Khan
- Re: [pkix] OCSP and Privacy Issues
  - From: Massimiliano Pala

Prev by Date: Re: [pkix] way forward for 5280
Next by Date: Re: [pkix] way forward for 5280
Previous by thread: Re: [pkix] OCSP and Privacy Issues
Next by thread: Re: [pkix] OCSP and Privacy Issues
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.