[cabfpub] Fwd: [pkix] Straw-poll on OCSP responses for non-revoked certificates.

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Oct 31 11:57:38 MST 2012


On 10/31/2012 08:28 PM, From Ben Wilson:
>  I don’t think clients should cache an OCSP response forever.  If the 
> client thinks that the OCSP response of revoked was incorrect, it 
> should query again and if the OCSP response says “good” then this is 
> not an issue.

Ohommm...does your policy allow to do that? I mean, can you change a 
revoked to valid?


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cabforum.org/pipermail/public/attachments/20121031/2428f5ce/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
Url : http://cabforum.org/pipermail/public/attachments/20121031/2428f5ce/attachment.bin 


More information about the Public mailing list