[13333] in cryptography@c2.net mail archive
Re: Payments as an answer to spam (addenda)
daemon@ATHENA.MIT.EDU (Rich Salz)
Sun May 18 22:22:06 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 18 May 2003 18:08:46 -0400 (EDT)
From: Rich Salz <rsalz@datapower.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <200305180550.h4I5ojA15181@medusa01.cs.auckland.ac.nz>
> Now there are some responders that query a live database, but there are
> concerns that this will lead to responses that differ from those obtained when
> the relying party queries a CRL (you're back to the "bug-compatible with CRLs"
> issue again).
>From day one there were always responders that worked this way. Valicert
was CRL-only; the company was arguably built around a patent for turning
a set of CRLs into a tree. CertCo had a fast-path revocation mechanism,
and we tried to point out how we were better than CRLs but never got
much uptake. We always believed the Verisign service was based on their
database, but never knew for sure.
> A real solution
> to the problem would follow the online authorisation model used for financial
> transactions, just a straight "Accepted/Declined" response, rather than the
> "Maybe/Maybe not" silly-walk that OCSP does.
I really like XKMS.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
