pem-dev

Re: Global CRL distribution

1993-07-27 14:31:00
Bob,

        The article in CACM correctly reflects the RFCs.  I think I
detect some misunderstandings of the motivations and implications
associated with the global CRL database requirement:

        - I do not assume that users served by one PCA will have no
interest in communicating with users served by other PCAs.  Business
users of a high assurance PCA may interact with business users of some
other high assurance PCA, for example.  This has nothing to do with
PCA cross-certification (which is prohibited), but with a perception
that users will communicate across PCA boundaries.  I cannot agree
with your assumption that PEM communication will take place
exclusively within the boundaries associated with PCAs.

        - There is no requirement for a CA to "push" CRLs (received
from a PCA) to its users.  There is no requirement for a PCA to "push"
CRLs to any of its clients.  A CA may elect to acquire CRLs through
its PCA and then distribute them to its users, but this is not
required by the RFCs.  If a CA elects to retrieve CRLs from its PCA
and push them to users, it can be selective in performing this
function to minimize pushing unwanted CRLs to users.

        - There is a requirement for each CA to supply the CRL it is
responsible for to its PCA in a timely fashion (as per the PCA policy
statement) and for each PCA to provide access to the global CRL
database.  The database access must be provided via email, and other
(e.g., realtime) database access options may be provided by PCAs at
their discretion.  UAs must be capable of retrieving CRLs via the RFC
1424 message format, and of processing incoming CRL messages.  UAs
must be capable of processing the IPRA CRL, PCA CRLs, and CA CRLs.

Steve
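The following is an added illustration of the two points in the message above (cross-PCA communication and per-level CRL processing by the UA); it is not code from the pem-dev thread or from any PEM implementation. The IPRA/PCA/CA names, serial numbers and CRL contents are constructed, and the "global CRL database" a PCA would make reachable by RFC 1424 retrieval is modelled as an in-memory dictionary.

```python
"""Toy model of CRL checking along a PEM (RFC 1422) certification path."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Cert:
    subject: str   # principal the certificate names
    issuer: str    # CA, PCA or IPRA that signed it
    serial: int    # serial number, the key used in CRL entries


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime   # after this the CRL is stale and must be refreshed
    revoked: frozenset      # serial numbers revoked by this issuer


NOW = datetime(1993, 7, 27, 14, 31)
TEN_DAYS_LATER = NOW + timedelta(days=10)
IPRA = "IPRA"


def fresh_crl(issuer, revoked=(), age_days=1, life_days=30):
    """Constructed CRL issued age_days ago and valid for life_days from then."""
    issued = NOW - timedelta(days=age_days)
    return CRL(issuer, issued, issued + timedelta(days=life_days), frozenset(revoked))


# Constructed global CRL database: each CA has supplied its CRL to its PCA and
# the PCAs make the whole collection reachable, so a UA under either PCA can
# obtain CRLs for the other PCA's subtree. (Real retrieval is by RFC 1424 message.)
GLOBAL_CRL_DB = {
    IPRA: fresh_crl(IPRA),
    "PCA-High": fresh_crl("PCA-High"),
    "PCA-Other": fresh_crl("PCA-Other"),
    "CA-Acme": fresh_crl("CA-Acme", revoked={9}),      # some other Acme user is revoked
    "CA-Widget": fresh_crl("CA-Widget", life_days=7),  # short-lived CRL per that PCA's policy
}

# Constructed certification paths, leaf first, up to the IPRA-issued PCA certificate.
ALICE = [Cert("alice@acme.example", "CA-Acme", 7),
         Cert("CA-Acme", "PCA-High", 3),
         Cert("PCA-High", IPRA, 1)]
BOB = [Cert("bob@widget.example", "CA-Widget", 12),
       Cert("CA-Widget", "PCA-Other", 4),
       Cert("PCA-Other", IPRA, 2)]


def crls_needed(chain):
    """Issuers whose CRLs a UA must hold to validate this path: CA, PCA and IPRA."""
    return [cert.issuer for cert in chain]


def check_chain(chain, crl_db, now):
    """Walk the path and consult the issuer's CRL at every level.

    Returns (accepted, reason). The path is rejected if any issuer's CRL is
    missing, not current at `now`, or lists the certificate's serial number."""
    for cert in chain:
        crl = crl_db.get(cert.issuer)
        if crl is None:
            return False, f"no CRL held for issuer {cert.issuer}"
        if not crl.this_update <= now < crl.next_update:
            return False, f"CRL for {cert.issuer} is not current at {now:%Y-%m-%d}"
        if cert.serial in crl.revoked:
            return False, f"{cert.subject} (serial {cert.serial}) revoked by {cert.issuer}"
    return True, "path accepted"


if __name__ == "__main__":
    print(crls_needed(BOB))
    print(check_chain(ALICE, GLOBAL_CRL_DB, NOW))
    print(check_chain(BOB, GLOBAL_CRL_DB, NOW))
    # A UA under PCA-High holding only its own PCA's CRLs cannot validate Bob's path.
    local_only = {k: v for k, v in GLOBAL_CRL_DB.items() if k in (IPRA, "PCA-High", "CA-Acme")}
    print(check_chain(BOB, local_only, NOW))
    # Revocation of CA-Acme itself appears only in PCA-High's CRL, not in CA-Acme's.
    pca_revokes_ca = {**GLOBAL_CRL_DB, "PCA-High": fresh_crl("PCA-High", revoked={3})}
    print(check_chain(ALICE, pca_revokes_ca, NOW))
    # CA-Widget's 7-day CRL has expired ten days on; the UA must refresh it first.
    print(check_chain(BOB, GLOBAL_CRL_DB, TEN_DAYS_LATER))
```

The `local_only` case is the cross-PCA point: a UA whose CA pushes only CRLs from its own PCA has nothing to check Bob's CA against, which is why the RFCs require the database to be global and email-retrievable rather than relying on pushes. The `pca_revokes_ca` case is why the UA must process the PCA and IPRA CRLs as well as the CA CRL: a revoked CA never appears in its own list.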


