
RE: Serving static responses

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 3 Feb 2003 09:19:23 -0800
Message-ID: <CE541259607DE94CA2A23816FB49F4A3F7029D@vhqpostal6.verisign.com>
To: stephen.farrell@baltimore.ie, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: www-xkms@w3.org

> I'm not so sure it's a major problem, perhaps more of a feature:-) Don't
> you have an implicit public key certificate once the same response is
> sent out twice?

You have an implicit public key certificate with probably a very short 
lifespan like 1 day.

This is not an abstract problem coming from a hypothetical problem.

The same issue comes up with DNSSEC. I have done some calculations and
I reckon that for the same price as the faux-PKI proposed by the DNS-SEC
group it would be possible to support an XKMS service.

So I have to be able to scale to ten billion or so transactions a day.
I need the option of static data to reliably serve over 10 million or so

> Anyway, what'd prevent the application of two signatures, one covering
> the static data, the other (which can use an on-line, lower quality
> signing key) including the replay protection stuff?

I still end up having to sign the RequestID.


Received on Monday, 3 February 2003 12:19:30 UTC
