pem-dev

Re: Signed CRL-retrieval requests

1992-06-28 19:00:00
   Date: Fri, 26 Jun 92 17:11:19 PDT
   From: burt@RSA.COM (Burt Kaliski)
   Sender: pem-dev-relay@TIS.COM
   ...

   What do you think of changing the syntax to be a signed
   privacy-enhanced message whose content consists of the CRL issuer
   names? (The content would also need a nonce to prevent replay.)

I would certainly only want this as an option, not as a requirement. Also
I would propose that care be used in defining the signed format so that
a program can unambiguously differentiate between a regular privacy
enhanced mail message (which should never be sent to a CRL automated
reflector) and an enhanced message that contains a CRL retrieval request.
One simple way would be to encapsulate a CRL retrieval request within
a normal PEM message. This would also trivially support the encapsulation
of the CRL retrieval within an ENCRYPTED message, for those who care
about who is watching who they care about!

I would also leave this out of the current RFC [FORMS]. Instead, those
CRL providers who wish to support encapsulated requests can do so and
notify their clients. I think we should keep the standards as simple
as possible at this juncture. I also want to see PEM become a reality.
I feel that for this to happen, it is important that we freeze the RFCs
at some point (soon) and get some working code out there!

                        -Jeff
