[cabfpub] Ballot[80] - BR Response for non-issued certificates

Yngve N. Pettersen (Developer Opera Software ASA) yngve at opera.com
Mon Jul 23 19:33:34 UTC 2012

On Mon, 23 Jul 2012 21:23:33 +0200, Eddy Nigg (StartCom Ltd.)  
<eddy_nigg at startcom.org> wrote:

> On 07/23/2012 07:55 PM, From Rick Andrews:
>> This gives me another reason to vote against this proposal - it
>> doesn't include that statement. If that is your intent (eliminate the
>> use of CRL-based OCSP responders) or if that is the practical effect
>> of your proposal, I believe it should be spelled out clearly in the
>> proposal for all to see and understand.
> I think it's absolutely not relevant how or on what (technically) the
> OCSP response is based as long as the response is correct. It can be a
> combination of different DBs or lists. We would vote against it if it
> explicitly states that a CRL can not be used.

The OCSP responders Rick is talking about does not have DB access, they  
can only use the CRL as a source for their responses. That means that any  
certificate serial number not explicitly revoked is good, even if it has  
never been issued.

Yngve N. Pettersen
Senior Developer		     Email: yngve at opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01

More information about the Public mailing list