[cabfpub] OCSP Requirement for Root CA
Ryan Sleevi
sleevi at google.com
Wed Jan 13 18:15:14 UTC 2016
On Wed, Jan 13, 2016 at 10:03 AM, Ben Wilson <ben.wilson at digicert.com>
wrote:
> Is the requirement really clear? Some browsers don't check OCSP for
> intermediates and use CRLs instead.
So? The BRs themselves are clear it's a requirement. I mean, if we want to
change to discuss that practical reality, we certainly can, but we should
at least honor the rules as written.
Section 4.9.10 makes that clear. 7.1.2.2 item c also makes this clear.
> I can't remember our exact discussion of this, but at one time didn't we
> determine that OCSP for intermediates was a "SHOULD" not a "MUST" and then
> we changed it to a "MUST"?
>
That's not captured in the BRs. That's not to say it couldn't be, but
that's not what it is in the BRs at present.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160113/b87e9dc7/attachment-0003.html>
More information about the Public
mailing list