Philip Hazel wrote:
> On Wed, 7 Jan 2004, Mark Foster wrote:
>
>
>>2. support for CRL and/or OCSP? Where does this stand?
>
>
> I do wish people wouldn't assume that I know everything! :-)) What are
> CRL and OCSP?
>
> Other points noted.
>
So there isn't any support for them (yet).
My understanding is as follows: both are mechanisms for checking the
validity of X.509 certificates. When a certificate (private key
actually) is compromised, the issuing certificate authority (think
VeriSign, Thawte, GeoTrust) can revoke the certificate, placing it into
a revocation list.
Typically, a CRL is published online via
http://some.addr.tld/ca.crl
Applications can then check the CRL to be sure a certificate is still
legit. OCSP is an evolved CRL concept where the check can be done over a
network lookup.
So given the existence of CRL/OCSP, the trust model in Exim seems to fall
short, since it doesn't (appear to) check for certificate revocation.
Please add to the wishlist... I could try and come up with some
code/patches if you would consider it.
Thanks.
--
=> Somedays it's just not worth chewing through the restraints...
=> Mark Foster <mark@???> http://mark.foster.cc/
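
The CRL check described in the message above, as an added example that is not part of the original post and is not Exim code: a throwaway CA issues a certificate, and `openssl verify -crl_check` accepts it until the CA revokes it and republishes its CRL. The CA, host name and file names are constructed for the demo; it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CA and leaf certificate, all names made up.
crl_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  mkdir ca && : > ca/index.txt && echo 01 > ca/serial && echo 01 > ca/crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # Create the CA, issue one leaf certificate, publish an (empty) CRL.
  { openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 30 &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout leaf.key -out leaf.csr -subj "/CN=mail.example.test" &&
    openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.pem &&
    openssl ca -config ca.cnf -gencrl -out ca.crl; } >/dev/null 2>&1 || exit 1
  # The check a relying application performs: chain validation plus CRL lookup.
  check() { openssl verify -CAfile ca.pem -CRLfile ca.crl -crl_check leaf.pem >/dev/null 2>&1; }
  check && before=valid || before=rejected
  # The CA revokes the certificate and republishes the CRL.
  { openssl ca -config ca.cnf -revoke leaf.pem &&
    openssl ca -config ca.cnf -gencrl -out ca.crl; } >/dev/null 2>&1 || exit 1
  check && after=valid || after=rejected
  echo "before=$before after=$after"
  cd / && rm -rf "$d"
)
crl_demo
```

Dropping `-crl_check` from the `check` function makes the second verification succeed as well, which is the gap the message describes: chain validation alone does not look at revocation.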