ietf-smime

RE: Certs-only Mechanism for X.400 Transport

2001-02-28 07:02:21
I was not part of the S/MIME v2 discussions that led to the current format. I have asked Blake to chime in, and I hope that he does. The scenario of interest is a CA returning a certificate in response to the PKCS#10 request. Here, the CA could choose to include the current CRLs in the "cert-only" message. This would seed the newly-enrolled user's CRL cache.

I am not aware of any CA pushing CRLs to their subscribers in an S/MIME message. It could certainly be done....

Russ

At 04:30 PM 2/26/2001 +0000, William Ottaway wrote:
Chris,

I'm happy for the text to indicate that the format described for a certs
only message could be used to transport CRLs or both, as long as the text
also states that if CRLs or both are being transported the OID for certs
only MUST not be used.

Do we have consensus :-)

Bill.

> -----Original Message-----
> From: Bonatti, Chris [mailto:BonattiC(_at_)ieca(_dot_)com]
> Sent: 26 February 2001 16:10
> To: William Ottaway
> Cc: jimsch(_at_)exmsft(_dot_)com; ietf-smime(_at_)imc(_dot_)org
> Subject: Re: Certs-only Mechanism for X.400 Transport
>
>
> Bill,
>
>     Okay, how about option (3)  ;-)
>
>     (3) would be we clarify the text, but describe more clearly what I think was
> the intent of RFC 2633.  Namely, that the format described and identified as
> "certs-only" can be used to convey either certs, CRLs or both.
>
>     Btw, I would happily go along with either (1) or (2) if the corresponding
> change were made to the MSG spec.  I guess I still favor (3) however, because I
> perceive it to be the status quo, and because allowing CRLs to be included here
> doesn't seem to break anything for the PKCS #10 scenario.  I'd be hard pressed
> to cite the benefits, though.  Does anybody remember the logic for why this was
> done?
>
> Chris
>
>
> _______________________
>
> William Ottaway wrote:
>
> > Jim,
> >
> > I think I'm inferring what is done. :-)
> >
> > My only gripe is I don't like the statement "This format can also be used to
> > convey CRLs." followed by a description of how to carry certificates but no
> > description of how to carry CRLs in a similar format.
> >
> > It's too late to change RFC 2633 but draft-ietf-smime-x400trans could say
> > something different.
> >
> > 1) Don't mention that CRLs can be carried in a similar way to a certs only
> > message
> >
> > or
> >
> > 2) Specify an OID for a CRL only message.
> >
> > Bill.
> >
>