Re: PKI and Relying Parties

• Next message: Andrew McCall: "Re: Permission denied (publickey) Problem."
• Previous message: espresso: "Diable ssh1 (OpenSSH)"
• In reply to: Harold Hammond: "Re: PKI and Relying Parties"
• Next in thread: john.veldhuis@universal.nl: "Re: PKI and Relying Parties"
• Next in thread: Citizen Fish: "Re: PKI and Relying Parties"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Citizen Fish <fishy@<tut tut>answer.me.uk>
Date: Thu, 28 Mar 2002 15:21:06 +0000

Harold Hammond coughed up the following:

> This isn't about access control or about the reliability of a PKI. The
> simple question is how can one get access to up-to-date CRLs without
> becoming a CA.
>
> I want to be able to check Certificate Revocation Lists for digital
> certificates
> being presented at my website. I do not want to be a CA. I do not want
> anyone to be a CA on my behalf.
>
> Any ideas?
> -Harold

..and the answer is simple....all good CA's publish them. You access them
via either LDAP, or HTTP retrieval and process them yourself (PKCS#7) or
you use OCSP

CF

-- 
Come inside boy - they call this fun!,..........

• Next message: Andrew McCall: "Re: Permission denied (publickey) Problem."
• Previous message: espresso: "Diable ssh1 (OpenSSH)"
• In reply to: Harold Hammond: "Re: PKI and Relying Parties"
• Next in thread: john.veldhuis@universal.nl: "Re: PKI and Relying Parties"
• Next in thread: Citizen Fish: "Re: PKI and Relying Parties"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]