Hi all,

I am Massimiliano Pala, currently working @ CableLabs and long-time open-source activist :D

I am currently working on defining how to provide revocation information for digital certificates via DNS. The current proposal we are bringing forward is attached to this e-mail... It is just initial work, but I think this could potentially be implemented easily and can provide benefits for different environments (not just browsers/web-servers). [*]

I am reaching out to you guys to possibly gather your attention to this project and get some feedback from the DNS implementation gurus... :D Any help, feedback, and collaboration on this front would be really appreciated.

Looking forward to hearing from you,

Cheers,
Max

P.S.: This initial work is focused on providing DNS as a transport protocol for OCSP (Online Certificate Status Protocol) responses. We plan to extend this work to provide different validity/revocation tokens that might be more suitable (smaller sizes, etc.) for the DNS system in general, but we would like to tackle the lower hanging fruit before proposing a completely new format for revocation status tokens... :D

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director