Folks -

Lately, I have seen a great deal of discussion on the issue of CRL storage
and retrieval, and would like to ask a (possibly very basic) question.

Reading through RFC 1424, I notice that a specific syntax for CRL request
and retrieval has been described, but that there is no corresponding syntax
for retrieval of certificates.

My question is this: was the certificate retrieval issue deliberately left
out, since there is already a mechanism for obtaining certificates; or was
it not considered?

I know that certificates can always be obtained through an explicit request
of users themselves, but that does require an additional communication
between parties involved. It would be convenient to be able to retrieve
a certificate from the issuing CA directly (and, perhaps, automatically),
the same way that CRLs are retrieved.

We have been thinking about using a query server to handle requests for
both CRLs and certificates, similar to the one currently in place at MIT.
Does anyone know of any other such servers in existence, or of any work
going on in this area?

Any information you have would be greatly appreciated.

Thanks,

Anish Bhimani
-------------------------------------------------------------------------------
Anish Bhimani | "LAPD - We treat you like a King."
Engineering Network Integrity, Bellcore | -- T-shirt seen on Venice Beach
anish(_at_)ctt(_dot_)bellcore(_dot_)com
(908) 699-5571 (phone) (908) 336-2969 (fax)