pem-dev

Algorithm IDs re

1993-11-09 16:09:00

Bob,

Rich Annkey described the option of using different object IDs to 
distinguish between different intended uses for public keys held 
in certificates, a technique already used in MSP.  However, let me 
observe that if PEM adopts this convention in the future, when one 
uses different keys for signing and key exchange, the syntax and 
processing semantics for PEM messages will need to change.  So it 
is not as simple as issuing a new version of 1423 and adding more 
object IDs to that list.

Steve
============== and another response ==========================
To: jueneman(_at_)gte(_dot_)com
cc: pem-dev(_at_)tis(_dot_)com
-------------

Bob,

You are correct that a CA is free to issue a CRL prior to the next 
scheduled update, and 1422 makes that clear.  Whether a CA is 
required to do so is a matter of PCA policy.

As for resetting the nextUpdate field, I think that is a less 
critical issue than you suggest.  Personally, I think the 
nextUpdate field should be unchanged when an "emergency" CRL is 
issued, but I don't think this has to be true across all of PEM.  
Since this field can change at every CRL issue, if nextUpdate were 
changed, then when the user fetched the "current" CRL based on a 
cached nextUpdate value, he would find that the currently 
available one was newer than his cached one and retrieval of this 
newer CRL would set a new value for when he should plan to fetch 
the next scheduled CRL for this CA/PCA.  Since the nextUpdate 
field can be changed each time a CRL is issued, I don't see how an 
automated, well-designed procedure for CRL retrieval of scheduled 
CRLs would break under the circumstances outlined above.  Some of 
your suggestions for promptness requirements for CA posting are 
reasonable in a PCA policy statement, but cannot be considered 
baseline PEM policy given the broad range of policies PEM is 
intended to accommodate.  As for your suggestions for commercial 
PCA policy re CRL management, I suggest you direct them to 
appropriate PCAs as part of market feedback.

Steve
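
The retrieval behaviour argued for in the message above, as an added example that is not part of the original thread or of any PEM implementation: a client that fetches at its cached nextUpdate and adopts whatever newer CRL it finds, run against an "emergency" CRL that either keeps or resets nextUpdate. The `Crl` record, the timeline, the 30-day schedule and serial 42 are constructed assumptions, and signature verification is assumed to have happened already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

T0 = datetime(1993, 11, 1)  # constructed timeline, not taken from the thread

def day(n):
    return T0 + timedelta(days=n)

@dataclass(frozen=True)
class Crl:
    """Constructed stand-in for a parsed, already signature-verified CRL."""
    this_update: datetime
    next_update: datetime
    revoked: frozenset

def current_crl(published, now):
    """What the repository serves at `now`: the most recently issued CRL."""
    return max((c for c in published if c.this_update <= now),
               key=lambda c: c.this_update)

def run_client(published, start, fetches):
    """Fetch at `start`, then at each cached nextUpdate; return the fetch log
    as (fetch day, revoked serials known, next planned fetch day)."""
    cached, now, log = None, start, []
    for _ in range(fetches):
        crl = current_crl(published, now)
        if cached is None or crl.this_update > cached.this_update:
            cached = crl  # a newer CRL replaces the cache and its schedule
        log.append(((now - T0).days, sorted(cached.revoked),
                    (cached.next_update - T0).days))
        now = cached.next_update  # plan the next scheduled retrieval
    return log

def ca_history(reset_next_update):
    """Scheduled CRLs every 30 days plus an emergency CRL issued on day 10."""
    emergency_next = day(40) if reset_next_update else day(30)
    nxt = (emergency_next - T0).days
    return [Crl(day(0), day(30), frozenset()),
            Crl(day(10), emergency_next, frozenset({42})),  # emergency issue
            Crl(day(nxt), day(nxt + 30), frozenset({42})),
            Crl(day(nxt + 30), day(nxt + 60), frozenset({42}))]

if __name__ == "__main__":
    for reset in (False, True):
        print("nextUpdate reset:", reset)
        for entry in run_client(ca_history(reset), day(0), 3):
            print("  fetched day %d, revoked %s, next fetch day %d" % entry)
```

In both timelines the client first sees the day-10 revocation at its day-30 fetch, since it only polls at the cached nextUpdate.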


  • Algorithm IDs re, Steve Kent <=