CRL or OCSP checker in WebCryptoAPI


Mountie Lee

Aug 6, 2012, 1:18:41 AM
to mbankin...@googlegroups.com
This is not within the scope of the WebCryptoAPI low-level API.

---------- Forwarded message ----------
From: Ryan Sleevi <sle...@google.com>
Date: Mon, Aug 6, 2012 at 2:12 PM
Subject: Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API]
To: Mountie Lee <mou...@paygate.net>
Cc: Web Cryptography Working Group <public-w...@w3.org>, David Dahl <dd...@mozilla.com>, Vijay Bharadwaj <Vijay.B...@microsoft.com>


On Sun, Aug 5, 2012 at 9:58 PM, Mountie Lee <mou...@paygate.net> wrote:
> Hi.
> for determining key expiration,
> are CRL or OCSP in scope of low level api?
>
> regards
> mountie.

No. CRL and OCSP represent high-level protocols, and are only relevant
in the context of a specific certificate.

For example, a given key may have multiple certificates associated
with it (crypto-ISSUE-15). As such, it's possible to imagine a
scenario where one of the certificates has been revoked by the issuer,
while another is still valid.

This is similar to the issue I note with overlapping validity dates.

With the low-level API, however, it's certainly possible to integrate
a CRL or OCSP checker, if there is a particular certificate to be
checked. The low-level API provides sufficient primitives that,
combined with XMLHttpRequest, an application could generate an OCSP
request, or parse a CRL or OCSP response.

Regards,
Ryan



--
Mountie Lee

Tel : +82 2 2140 2700
E-Mail : mou...@paygate.net


=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
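
The OCSP request generation and response parsing mentioned in the forwarded reply, as an added example that is not part of the original thread. It uses today's crypto.subtle.digest for the CertID hashes; the function names are hypothetical, and the issuer Name DER, issuer public key bits and serial number are assumed to have been extracted from the certificates by the caller.

```javascript
// Added example. AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters).
const SHA1_ALG_ID = [0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00];
const OCSP_STATUS = { 0: 'successful', 1: 'malformedRequest', 2: 'internalError',
                      3: 'tryLater', 5: 'sigRequired', 6: 'unauthorized' };

// Encode one DER tag-length-value; short and long (up to 65535) length forms.
function tlv(tag, ...parts) {
  const body = parts.flatMap((p) => Array.from(p));
  const n = body.length;
  if (n > 0xffff) throw new RangeError('value too long for this encoder');
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Uint8Array.from([tag, ...len, ...body]);
}

// OCSPRequest > TBSRequest > requestList > Request > CertID (RFC 6960).
// version is DEFAULT v1 and is omitted; no nonce, no requestor signature.
function encodeOcspRequest(issuerNameHash, issuerKeyHash, serialContent) {
  const certId = tlv(0x30, SHA1_ALG_ID,
    tlv(0x04, issuerNameHash),  // hash of the issuer Name as DER-encoded in the cert
    tlv(0x04, issuerKeyHash),   // hash of the issuer subjectPublicKey bits
    tlv(0x02, serialContent));  // INTEGER content octets copied from the cert
  return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, certId))));
}

// Hash with WebCrypto, then encode. The result is the body of an HTTP POST
// with Content-Type application/ocsp-request.
async function buildOcspRequest(issuerNameDer, issuerKeyBits, serialContent) {
  const [nameHash, keyHash] = await Promise.all([
    crypto.subtle.digest('SHA-1', issuerNameDer),
    crypto.subtle.digest('SHA-1', issuerKeyBits),
  ]);
  return encodeOcspRequest(new Uint8Array(nameHash), new Uint8Array(keyHash), serialContent);
}

// Read only the outer responseStatus. 'successful' means a response body
// follows, not that the certificate is good: the certificate status sits in
// the signed BasicOCSPResponse, whose signature must be verified first.
function ocspResponseStatus(der) {
  const i = 1 + (der[1] < 0x80 ? 1 : 1 + (der[1] & 0x7f)); // skip SEQUENCE header
  if (der[0] !== 0x30 || der[i] !== 0x0a || der[i + 1] !== 1) {
    throw new Error('not an OCSPResponse');
  }
  return OCSP_STATUS[der[i + 2]] || 'unknown';
}
```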
