Hi all,
I am Massimiliano Pala, currently working @ CableLabs and
long-time open-source activist :D I am currently working on
defining how to provide revocation information for digital
certificates via DNS. The current proposal we are bringing forward
is attached to this e-mail... It is just initial work, but I think
this could potentially be implemented easily and can provide
benefits for different environments (not just
browsers/web-servers). [*]
I am reaching out to you guys to possibly gather your attention to this project and get some feedback from the DNS implementation gurus... :D Any help, feedback, and collaboration on this front would be really appreciated.
Looking forward to hearing from you,
Cheers,
Max
P.S.: This initial work is focused on providing DNS as a
transport protocol for OCSP (Online Certificate Status Protocol)
responses. We plan to extend this work to provide different
validity/revocation tokens that might be more suitable (smaller
sizes, etc.) for the DNS system in general, but we would like to
tackle the lower hanging fruit before proposing a completely new
format for revocation status tokens. :D