Olle Mulmo wrote:

> To avoid confusion: Please make use of proper terminology when such is
> defined (for once).

OK, in fact we are attaching a corrected version of the working document that includes a section called "Definitions", precisely to use a common technical vocabulary. Also according to our last email, we've deleted references to the "OCSP Extensions" proposal.

> The proper name for the "trust chaining" scenario is called
> "Authorized responder", and the authorization is marked by the CA via
> the inclusion of the ocsp-signing extended key usage.

Thanks, we've already included this in the "Definitions" section.

> [...]
>
> One responder being authorized by multiple CAs is a perfectly legal
> and reasonably common mode of operation. I know of at least one
> commercial software (the one that I wrote...) that supports both the
> case of all CAs signing a single key pair, and the responder having
> multiple signing keys simultaneously, selecting the appropriate one
> depending on which certificate that status is requested for.

We agree, it is also the same implementation that we've done at CertiVeR.

> /Olle

Best regards,
Jesus & Oscar.
Attachment:
OCSP_Requirements_for_Grids_jlg.doc
Description: MS-Word document