To:
"'William Tan'" <william.tan@i-dns.net>, ietf-whois@imc.org, ietf-provreg@cafax.se
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Mon, 5 Mar 2001 07:55:55 -0500
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: Signed response
I believe GRRP requirement 11-[2] in the new -00 requirements draft covers the possibility of signature services if so desired by a registry operator. Those requirements don't apply to whois, though, so maybe it's something to consider if/when requirements for whois enhancements are developed. <Scott/> -----Original Message----- From: William Tan [mailto:william.tan@i-dns.net] Sent: Sunday, March 04, 2001 2:45 PM To: ietf-whois@imc.org; ietf-provreg@cafax.se Subject: Signed response The PKIX WG has a Online Cert Status Protocol (OCSP) proposal where the CA runs a service like this answering queries about the status of issued certificates, signing the responses. The concept of signed response by the CA (in this case, registry / registrar) may be an important requirement for whois and status request on provreg. The reasons are: 1. Result of whois & status queries have been used by lawyers as evidence in court of law 2. Authenticity of content - client can verify the integrity of the answer (important data to sign would be 'Database-updated-date', the query result, or 'No-such-record-at-this-time'). Maybe we should consider this part of the requirement. wil.