David,
Thanks for providing text and a diagram. I think your characterization
of this class of attacks is very good; it's generally concise and very
clear. It's better than what I wrote.
I made a number of edits to your text. I reduced the length of some long
(4-5) line sentences, and referred to an attacker (vs. the CA) where
appropriate. (An attacker would supply a cert chain to a browser, but
the attacker is not acting as a CA in that context.)
I included (revised) text that I used to describe ways that a browser
can be steered toward specific revocation status data by an attacker,
since I think this helps explain the subtle issues of why revocation is
problematic. I retained most of your text about possible remedies.
A new version of the I-D will be posted soon.
Steve