[cabfcert_policy] NISTIR p.3, ll. 22-24 - OCSP responders

[Ben Wilson]

The draft NISTIR says that "A CSS shall assert all the policy OIDs for which it is authoritative".  Does it really need to say this?  Similarly, does the NISTIR really need to have the next sentence, which says, "OCSP servers that are locally trusted, as described in [RFC2560], are not covered by this policy."

What does the first sentence say?  (I think it means to say, "a CSS shall be capable of responding ...")

Is the second sentence just an attempt to carve out something that is specific to the client-centric model using SCVP used by US agencies rather than the web PKI?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20140721/57bfb3ed/attachment.html