<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 10/30/2012 11:47 PM, From Eddy Nigg (StartCom Ltd.):
<blockquote cite="mid:50904AF0.2060408@startcom.org" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
Neither - an OCSP responder should respond with "Unknown" or
"Unauthorized" in case the certificate is unknown. Or either
"Good" or "Revoked" for known ones.<br>
<br>
Rational - responding "Revoked" for a certificate that might be
good, is incorrect, either due to migration and update time or
other reasons (out-of-sync cor whatever). Clients may cache
revoked responses forever, revoked certificates are never
unrevoked.<br>
</blockquote>
<br>
I hope the folks from the PKIX forum follow the CAB Forum public
list - it wasn't obvious to me that this mail was forwarded. Well,
well... :-)<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>