[caops-wg] OCSP section 6.3
Oscar Manso
o.manso at certiver.com
Fri Jun 3 11:23:08 CDT 2005
>> The document should be improved to cover both of these features and point
>> out the issues associated with them. Does anyone have any better words
>> than "publishing interval" (frequency?) and "cautionary period"
>> (latency?) for these things?
Olle,
I agree with you in that, when talking about CRLs, the cautionaryPeriod
interval theoretically corresponds to the frequency at which CRLs are
supposed to be published.
However, in practice many CAs publish a new CRL as soon as they revoke or
suspend a new certificate, independently of the refreshment frequency
published.
On the other hand, when using OCSP, the thisUpdate and nextUpdate interval
does not have the meaning of frequency because the usage of such mechanism
does not imply publishing responses at periodic intervals of time.
Therefore, in the case of OCSP, the interval does not necessarily correspond
with the interval set by any CRL. Instead, it can be set/used to give an
idea of the precision of the response being provided (which, as we already
mentioned, depends on the quality of the connection set between a CA and the
OCSP)
If the term cautionaryPeriod is confusing maybe we could name it
precisionInterval. But in any case, we believe that it is important to
introduce such term in the document.
Oscar
More information about the caops-wg
mailing list