
[caops-wg] New ID: draft-gerck-pkix-revocation-00.txt



People interested in CRL issues and incident handling might 
find this new IETF PKIX doc interesting.


------- Forwarded Message

From owner-ietf-pkix@mail.imc.org  Thu May 27 18:22:55 2004
Message-ID: <40B68E12.3040608@nma.com>
Date: Thu, 27 May 2004 17:55:46 -0700
From: Ed Gerck <egerck@nma.com>
To: PKIX <ietf-pkix@imc.org>
Subject: New ID: draft-gerck-pkix-revocation-00.txt



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is an individual submission in reference to the Public-Key Infrastructure
(X.509) Working Group of the IETF.

	Title		: Certificate Revocation Revisited
	Author(s)	: E. Gerck
	Filename	: draft-gerck-pkix-revocation-00.txt
	Pages		: 17
	Date		: 2004-5-24

ABSTRACT:	
PKIX certificate revocation protocols are primarily described in RFC3280.
This Document revisits limitations on determining the revocation status
of a certificate. Ambiguous aspects of revocation and revocation delegation
are resolved. An objective point of view is introduced as a reference
that does not depend on the observer (e.g., the RP). The revocation
status of a certificate issued by a conforming CA is shown to be always
well-defined from a relying party's point of view -- i.e., it is
unambiguous (revoked or not revoked) and ultimately determinable at any
period in time. The limitations on determining the revocation status of
a certificate have nothing to do with the eventual result of the
determination process by a relying party. The limitations have to do
with the efforts for that determination, which may require a large
(actually unspecified) amount of time and work. Some practices are also
suggested, allowing a relying party to determine the revocation status
of a certificate with higher reliability in less time. The same
considerations apply to determinations of status "change" processes,
including certificateHold and removefromCRL.

A URL for this Internet-Draft is:
http://ietf.org/internet-drafts/draft-gerck-pkix-revocation-00.txt

Comments are welcome.

Cheers,
Ed Gerck



------- End of Forwarded Message