[cabfpub] Revocation and Certificate Issue
Gervase Markham
gerv at mozilla.org
Wed Jun 4 12:09:19 MST 2014
On 02/06/14 19:58, Phillip Hallam-Baker wrote:
> I also note that (2) has the same imposition on the server as a short
> lived cert. After all, an OCSP token is kindof like a short lived cert.
> Which means that in my view any long term solution to revocation has to
> be based on short lived certs for end entity certificates plus a CRLSet
> for the intermediate certs (which is not a scaling issue as they should
> never be revoked in normal circumstances).
Why could it not be based on OCSP stapling + must table for end entity
certificates and CRLSets for intermediate certs?
Gerv
More information about the Public
mailing list