[cabfpub] OCSP Stapling and Short-Lived Certificates Proposal
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Mar 25 13:19:37 MST 2013
On 03/25/2013 06:44 PM, From Phillip:
> * The first date on which the subject was validated by the issuer (aka Member Since)
> * The most recent date on which the subject was validated by the issuer (aka Last validated)
> * The most recent date at which the issuer is known to have reported valid status (Last status)
Can you tell me where exactly this information is present upon which
a client (software or human) should make such a decision? If you can't,
how can this in any way affect a client's decision at all?
> Since we already allow for a delay in issue of status information it seems perfectly acceptable to assume that cert status is valid within a short time window of issue.
Those are two completely different things - positive or negative status
information doesn't equal the same thing as certificate issuance and we
can't make the assumption above. Status information is one thing and
certificate issuance another.
> If we look at what we have to do server side for OCSP stapling and what we have to do for short lived certs it is essentially the same.
I made my point on that already, so I spare you my repeating replies on
this... :-)
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>