[cabfpub] Ballot[80] - BR Response for non-issued certificates
Yngve N. Pettersen (Developer Opera Software ASA)
yngve at opera.com
Mon Jul 23 19:33:34 UTC 2012
On Mon, 23 Jul 2012 21:23:33 +0200, Eddy Nigg (StartCom Ltd.)
<eddy_nigg at startcom.org> wrote:
>
> On 07/23/2012 07:55 PM, From Rick Andrews:
>> This gives me another reason to vote against this proposal - it
>> doesn't include that statement. If that is your intent (eliminate the
>> use of CRL-based OCSP responders) or if that is the practical effect
>> of your proposal, I believe it should be spelled out clearly in the
>> proposal for all to see and understand.
>
> I think it's absolutely not relevant how or on what (technically) the
> OCSP response is based as long as the response is correct. It can be a
> combination of different DBs or lists. We would vote against it if it
> explicitly states that a CRL can not be used.
The OCSP responders Rick is talking about do not have DB access, they
can only use the CRL as a source for their responses. That means that any
certificate serial number not explicitly revoked is good, even if it has
never been issued.
--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer Email: yngve at opera.com
Opera Software ASA http://www.opera.com/
Phone: +47 23 69 32 60 Fax: +47 23 69 24 01
********************************************************************
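
The behaviour described in the message above, as an added illustration (not part of the original message or of any CA's responder code): a responder fed only by the CRL answers "good" for serials that were never issued, while one with access to issuance records can tell the difference. The class names, the sample serials, and the choice of "unknown" for non-issued serials are assumptions made for this example.

```python
from enum import Enum

class CertStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"

# Constructed sample data (not from the original message).
ISSUED_SERIALS = {0x1001, 0x1002, 0x1003, 0x1004}
CRL_REVOKED_SERIALS = {0x1002}

class CrlOnlyResponder:
    """Hypothetical responder whose only data source is the CRL."""
    def __init__(self, revoked):
        self.revoked = frozenset(revoked)

    def status(self, serial):
        # Anything absent from the CRL is reported good, issued or not.
        if serial in self.revoked:
            return CertStatus.REVOKED
        return CertStatus.GOOD

class IssuanceAwareResponder:
    """Hypothetical responder that can also consult the CA's issuance records."""
    def __init__(self, issued, revoked):
        self.issued = frozenset(issued)
        self.revoked = frozenset(revoked)

    def status(self, serial):
        if serial in self.revoked:
            return CertStatus.REVOKED
        if serial in self.issued:
            return CertStatus.GOOD
        # Assumption for this example: non-issued serials are answered "unknown".
        return CertStatus.UNKNOWN

def good_for_unissued(responder, issued, probe_serials):
    """Audit check: which probed serials get 'good' although never issued?"""
    return sorted(
        s for s in probe_serials
        if s not in issued and responder.status(s) is CertStatus.GOOD
    )

# Two issued serials (one revoked) plus two that the CA never issued.
PROBES = [0x1001, 0x1002, 0x1005, 0xDEAD]
crl_only = CrlOnlyResponder(CRL_REVOKED_SERIALS)
aware = IssuanceAwareResponder(ISSUED_SERIALS, CRL_REVOKED_SERIALS)
```
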