"Douglas" == Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
Douglas> This still seems like too much. Information offered for
Douglas> access can be contained within one or more certificates.
Douglas> The information within these certificates should be
Douglas> limited to a minimal set of values:
Douglas> 1) creator 2) class 3) user-host 4) time-stamp 5) update
Douglas> The essential information would be the
Douglas> creator/class/user-host/time- stamp fields. When
Douglas> protection is not enabled or is buggered, then a newer
Douglas> certificate should not be offered. The virus definitions
Douglas> or patch updates can be deduced from the time-stamp or by
Douglas> extensions added to class, i.e. AVX-VISTA-37. If a
Douglas> vulnerability is reported subsequent to the time-stamp
Douglas> regarding the creator/class of service, then a new
Douglas> certificate could be required. This would simplify
Douglas> tracking at the access point. By keeping the information
Douglas> exchanged and decisions limited to this minimal
Douglas> information, NEA should provide a valuable services in
Douglas> many environments.
How do I get a new cert if mine is expired? Go for remediation and
get it there?
I actually like a lot of what you specify.
Ietf mailing list