Re: Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart c: msg#00221
Anne & Lynn Wheeler <lynn@xxxxxxxxxx> writes:

> the IETF OCSP standards work seems to be all about a real-time protocol that
> a relying party can use to check with a (LDAP?) database about whether the
> information that might be in a specific certificate can still be relied on.
> It has some of the flavor of a distributed filesystem/database cache entry
> invalidation protocol. All of the CRL and OCSP stuff isn't about using the
> certificate for authenticating to an x.500 directory .... but whether the
> stale, static copy of information in the certificate is still good.

That's my big gripe with OCSP, it's compromised in almost every way in order to make it completely bug-compatible with CRLs. It's really mostly an online CRL query protocol rather than any kind of status protocol (in other words a responder can give you an, uhh, "live" response from a week-old CRL via OCSP). A recent update to the protocol even removes the use of nonces, to make replay attacks possible.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx
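As an added illustration of the two complaints in the message above (this is not code from the thread or from any OCSP implementation), here is a relying-party acceptance check over the fields a parsed OCSP response would yield: it judges freshness by thisUpdate rather than by when the response was signed, and it refuses responses that drop or mismatch the request nonce. The response records, dates and nonce are constructed stand-ins, not parsed ASN.1 from a real responder.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class OcspSingleResponse:
    """Constructed stand-in for the fields read out of a parsed OCSP response."""
    cert_status: str                 # "good", "revoked" or "unknown"
    this_update: datetime            # time the status information was current
    next_update: Optional[datetime]  # when newer information is expected, if stated
    produced_at: datetime            # time the responder signed this response
    nonce: Optional[bytes]           # echoed request nonce, or None if omitted

def evaluate_ocsp(resp, request_nonce, now, max_age=timedelta(hours=24)):
    """Relying-party policy: return (accept, reasons).  accept is True only for
    status 'good' with fresh information and an intact nonce binding."""
    reasons = []
    if resp.this_update > now + timedelta(minutes=5):
        reasons.append("thisUpdate lies in the future")
    if resp.next_update is not None and resp.next_update < now:
        reasons.append("nextUpdate has passed: response has expired")
    # A recent producedAt on old status data is the "live response from a
    # week-old CRL" case, so freshness is judged by thisUpdate, not by
    # producedAt or by the signature merely verifying.
    age = now - resp.this_update
    if age > max_age:
        reasons.append(f"status information is {age.days} day(s) old, limit is {max_age}")
    if request_nonce is not None:
        if resp.nonce is None:
            reasons.append("request nonce not echoed: response is replayable")
        elif resp.nonce != request_nonce:
            reasons.append("nonce mismatch: response was not produced for this request")
    if resp.cert_status != "good":
        reasons.append(f"certificate status is {resp.cert_status!r}")
    return (not reasons, reasons)

# Constructed sample data (arbitrary date and nonce, not from any real responder).
NOW = datetime(2004, 1, 1, 12, 0, tzinfo=timezone.utc)
REQUEST_NONCE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
# Signed a minute ago, but built from status data a week old and without a nonce.
STALE_RESPONSE = OcspSingleResponse("good", NOW - timedelta(days=7),
                                    NOW + timedelta(days=1), NOW - timedelta(minutes=1), None)
# Status data from an hour ago, nonce echoed back.
FRESH_RESPONSE = OcspSingleResponse("good", NOW - timedelta(hours=1),
                                    NOW + timedelta(hours=23), NOW - timedelta(hours=1), REQUEST_NONCE)

if __name__ == "__main__":
    for name, resp in (("stale", STALE_RESPONSE), ("fresh", FRESH_RESPONSE)):
        accept, reasons = evaluate_ocsp(resp, REQUEST_NONCE, NOW)
        print(name, "accepted" if accept else "rejected", reasons)
```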