[cabfcert_policy] NISTIR p.3, ll. 22-24 - OCSP responders
Ben Wilson
Ben.Wilson at digicert.com
Mon Jul 21 15:36:20 MST 2014
The draft NISTIR says that "A CSS shall assert all the policy OIDs for which it is authoritative". Does it really need to say this? Similarly, does the NISTIR really need to have the next sentence, which says, "OCSP servers that are locally trusted, as described in [RFC2560], are not covered by this policy."
What does the first sentence say? (I think it means to say, "a CSS shall be capable of responding ...")
Is the second sentence just an attempt to carve out something that is specific to the client-centric model using SCVP used by US agencies rather than the web PKI?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20140721/57bfb3ed/attachment.html
More information about the Policyreview
mailing list