[Servercert-wg] Discussion Period Begins - Ballot SC-063: “Make OCSP Optional and Incentivize Automation”

Aaron Gable aaron at letsencrypt.org
Tue May 2 20:44:09 UTC 2023


Fair enough, thanks for the info! I'm convinced that explicitly disallowing
indirect CRLs in this ballot is fine.

Aaron

On Tue, May 2, 2023 at 2:00 AM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:

>
>
> On 27/4/2023 8:57 μ.μ., Aaron Gable via Servercert-wg wrote:
> > I believe that CAs have generally found that Delegated OCSP Signers
> > cause more trouble than they're worth, and the same is likely true for
> > Delegated CRL Issuers
>
> Hello Aaron,
>
> I don't think there is evidence to support this claim about delegated
> OCSP Signers. I am aware of a number of CAs that still use and prefer
> the delegated OCSP responder model over the pre-signed responses model.
>
> However, I am not aware of any CA that uses delegated CRL issuers and
> perhaps it's not even supported by the existing Browsers.
>
>
> Thanks,
> Dimitris.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230502/bc954077/attachment.html>


More information about the Servercert-wg mailing list