Payments as an answer to spam (addenda)
Rich Salz
rsalz at datapower.com
Sun May 18 18:08:46 EDT 2003
> Now there are some responders that query a live database, but there are
> concerns that this will lead to responses that differ from those obtained when
> the relying party queries a CRL (you're back to the "bug-compatible with CRLs"
> issue again).
>From day one there were always responders that worked this way. Valicert
was CRL-only; the company was arguably built around a patent for turning
a set of CRLs into a tree. CertCo had a fast-path revocation mechanism,
and we tried to point out how we were better than CRLs but never got
much uptake. We always believed the Verisign service was based on their
database, but never knew for sure.
> A real solution
> to the problem would follow the online authorisation model used for financial
> transactions, just a straight "Accepted/Declined" response, rather than the
> "Maybe/Maybe not" silly-walk that OCSP does.
I really like XKMS.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list