I have been following a thesis of a student about the TSA. Although much work is to be done, the code could be integrated into OpenSSL and then we could start working on implementing TSA as part of the project.
There are choices to be made:
- should we push for a solution like the OCSP one (where basic code is integrated into OpenSSL and we develop a server using lib calls);
- should we develop a server (HTTP protocol, as the TCP part has been the subject of some discussions in the IETF and it is not thought to be a good solution) or a Perl script using a command line tool for TSA?
Advantages of the server: we keep all the code in a single binary and much of the code can be re-utilized from the ocspd. Integration with DBs may be somewhat difficult, but it should not be needed (indeed we can easily access LDAP, so I guess there is no issue here). It can be installed as external software not requiring full installation (i.e. on different servers for different purposes).
Advantages of the Perl interface: easily integrable with existing OpenCA interfaces and we can use all of Apache's powerful HTTP capabilities.
I am not listing all the points, just some hints to know if the subject matters and what your opinions are about it.
Let me know.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]
[EMAIL PROTECTED]
Tel.: +39 (0)59 270 094
http://www.openca.org
Fax: +39 178 221 8225
http://openca.sourceforge.net
Mobile: +39 (0)347 7222 365