OCSP doc audio conference 2/6/2006 8:02:15 AM

Some sketchy minutes

Attendees: A Sill, Oscar M, J Luna, mwh, O Mulmo, R Cowles?

AI:
  Oscar/Jesus will send text to the group, relaying Chadwick's proxy revocation ideas; mwh to incorporate above
  O/J will send some more delta CRL-related text to the group
  Authorized responder detail (see below) -> doc
  mwh will do new edit (probably Tue/Wed)
  mwh will do slides about edits, send to group (Wed/Thu)

Decisions:
  Ok to accept changes in current document - group will continue to send comments to the list on current content and changes.

Discussion:
  Alan Sill: OCSP doc drifts into dangerous, authZ territory
  mwh: Not too much - no viewpoint on certs. Do need authZ for some service supporting proxy cert revocation and blacklisting; not really a part of OCSP but part of the service provisioning
  Oscar: Dave Chadwick thinks proxy rev might play a role in blacklisting; make sure to distinguish between authentication & authorization functions; more ....
  DC will introduce a validation service proposal of some kind at GGF 16 in AuthZ WG.
  O: [more] proxy cert revocation important but not authZ mechanism
  Will send text to list

Discussion Delta crls
  O: We have a demo service [model of how to produce & manage delta crl's]
  O: cautionary period
  Send to list how to define cautionary period
  Is mwh's reading of delta crl standard & use correct? [The certiver folks will send some material on this]
  O: agree OCSP good way of managing delta crl's for clients
  Discussion on 5.3 where we recommend [maybe, describe?] the use of non CRL database - will send some requirements for this
  Also expand to include CA w/ no delta CRLs
  We agree w/ most of the document - ok to accept changes and proceed to next rev

Question about Authorized Responder, and weaknesses of current CAs:
  Many CAs are offline most of the time, and their hosting environment may not be comfortable with a full-fledged 24 x 7 service such as OCSP.
  Olle: Auth OCSP responder can issue responder certs in batch -- will put in doc
  Addresses one of these problems (the 99.999% uptime problem is out of scope but will be noted).

mwh noted a possible GGF attendance problem; may not be present at Athens after all. Will forward slide summary to CAOPS chairs & the group.