A mighty fortress is our PKI, Part II

Anne & Lynn Wheeler lynn at garlic.com
Wed Jul 28 12:39:12 EDT 2010


On 07/28/2010 12:02 PM, Nicolas Williams wrote:
> Sorry, but this is wrong.  The OCSP protocol itself really is an online
> certificate status protocol.  Responder implementations may well be
> based on checking CRLs, but they aren't required to be.
>
> Don't be confused by the fact that OCSP borrows some elements from CRLs.

my OCSP analogy was turning authentication into an end in itself ... basically a new kind of retail store ... instead of a retail store that sells some product ... you go in and buy something ... doing a real-time payment transaction; ... there is an authentication store ... convince everybody that they need to walk into their (OCSP) authentication retail store at least once a day to perform an authentication operation (for no other reason than that people should get a lot of comfort out of being authenticated at least once a day or more if necessary) ... totally divorced and unrelated to any actual business purpose.

-- 
virtualization experience starting Jan1968, online at home since Mar1970

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


