On 07/28/2010 12:02 PM, Nicolas Williams wrote:
Sorry, but this is wrong. The OCSP protocol itself really is an online
certificate status protocol. Responder implementations may well be
based on checking CRLs, but they aren't required to be.
Don't be confused by the fact that OCSP borrows some elements from CRLs.
my OCSP analogy was turning authentication into an end in itself ... basically
a new kind of retail store ... instead of retail store that sells some product
... you go in and buy something ... doing a real-time payment transaction; ...
there is an authentication store ... convince everybody that they need to walk
into their (OCSP) authentication retail store at least once a day to perform an
authentication operation (for no other reason that people should get a lot of
comfort out of being authenticated at least once a day or more if necessary)
... totally divorced and unrelated to any actual business purpose.
--
virtualization experience starting Jan1968, online at home since Mar1970
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
