[cabfpub] Fwd: [pkix] Straw-poll on OCSP responses for non-revoked certificates.

Ben Wilson ben at digicert.com
Wed Oct 31 20:32:51 UTC 2012


If a modification of RFC 2560 allows an extension to change the meaning of a “1” response to something else. It was you who said “[it] might be good, …, either due to migration and update time or other reasons (out-of-sync or whatever).” See http://en.wikipedia.org/wiki/Semantic_change.

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, October 31, 2012 12:58 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Fwd: [pkix] Straw-poll on OCSP responses for non-revoked certificates.

 


On 10/31/2012 08:28 PM, From Ben Wilson:

> I don’t think clients should cache an OCSP response forever. If the client thinks that the OCSP response of revoked was incorrect, it should query again and if the OCSP response says “good” then this is not an issue.

Ohommm... does your policy allow you to do that? I mean, can you change a revoked to valid?




Regards

Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>