Ciao Alex,

my concerns about publishing CRLs over HTTPS are based on the fact that
if you do that, the OCSPD will probably have no problems, but other
apps will - as that URL (HTTPS) will be used by many other apps besides
the OCSP, it is wise to consider it carefully before doing so :D

About the cURL, I will definitely consider it. Actually I already implemented
a URL-based retrieval interface in LibPKI... but, at the moment, it lacks
some protocols, e.g. HTTPS, FTP, FTPS, Email (which can all be useful
for different purposes to the average programmer, not only for the OCSPD).

I will look into it and see if we can add its support to LibPKI... it has
a lot of other dependencies, though.. :)

Later,
Max

Alex Agranov wrote:
Hi Max,

I realize that HTTP may be "just enough" for CRL publishing. But LDAP
and HTTPS are valid options too. And there are quite a few products that
support both.
The "revocation loop" that you refer to in your previous mail, in fact
may be a problem for certain client applications, but it's hardly an
issue for the OCSP daemon itself.

As for your concern on portability - cURL library is highly portable
(it's available for Linux, Solaris, FreeBSD, OS/2, MacOS, AIX and even
Windows - check http://curl.haxx.se/download.html). It greatly
simplifies your application code and is actively maintained. Another
advantage of using it - it gives you full support of all HTTP features
(e.g. authentication) as well as support for other protocols - e.g. FTP
and FTPS. You may also use it for LDAP and LDAPS support (instead of
directly interfacing OpenLDAP API) - though this is completely up to
you.


--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel