Hi All,

Many of us have probably had to deal with some pain points when 
developing and/or using applications together with X509 PKIs. I hope 
that the projects we promote (i.e., OpenCA PKI, OpenCA OCSPD, and 
LibPKI) have been helpful in providing useful solutions. However, issues 
still exist in interacting with PKIs. In particular, some of the most 
painful areas are related to service (and repository) discovery and 
efficient revocation. Besides implementing specific solutions for 
well-defined (and usually quite closed) environments, no existing 
standards efficiently address these issues.

In the past we participated in discussions within the Internet 
Engineering Task Force (IETF) and implemented the standardized protocols 
(e.g., OCSP). However, the Working Group (WG) that was historically 
responsible for advancing the status of these standards (required for 
interoperability across applications and organizations) was declared 
closed - therefore, today, there is no proper venue where this 
standardization work can happen. It seems that the IETF is still on the 
fence about the need for solving these issues and that strong consensus 
is required in order to open a new WG that will address these problems.

I was wondering what the OpenCA community thinks about the need to 
provide standards that cover the aforementioned issues (e.g., by 
providing enhancements over existing solutions - like OCSP over DNS, by 
providing new more-compact revocation formats that would better cope 
with high-volume transaction environments than OCSP, and - ultimately - 
by providing PKIX discovery protocols that will ease interacting with 
certificate-related services and with federating identities) and if 
anybody would feel like they can contribute to the discussion and, 
eventually, to the needed work (via the PKIX mailing list - 
https://www.ietf.org/mailman/listinfo/pkix).

If the proposal for working on these issues moves forward, I think 
that the OpenCA Labs could very well work on implementing those 
standards and, therefore, solve those issues for lots of us in a 
standardized and interoperable way.

Cheers,
Max


_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users