[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [caops-wg] OCSP requirements - final(?) version uploaded

Subject: Re: [caops-wg] OCSP requirements - final(?) version uploaded
From: Mike Helm <helm@xxxxxxxxxxxx>
Date: Fri, 27 May 2005 13:58:03 -0700
Cc: Olle Mulmo <mulmo@xxxxxxxxxx>, caops-wg@xxxxxxx, dlolson@xxxxxxx
Delivered-to: grdfm-caops-wg-outgoing@mailbouncer.mcs.anl.gov
Delivered-to: grdfm-caops-wg@mailbouncer.mcs.anl.gov
In-reply-to: Your message of "Fri, 27 May 2005 13:41:03 PDT." <"duXTfD.A.hJB.wX4lCB"@fionn>
Reply-to: helm@xxxxxxxxxxxx
Sender: owner-caops-wg@xxxxxxx

Forgot 2 things:

p4
While OCSP supports querying of multiple certificates in a single request,
it is rarely used in practice or even supported in common off-the-shelf implementations

suggest
We recommend that developers of OCSP responder software for Grids support
multiple certificate queries in their products.  We enourage? recommend OCSP service
providers provide this support also.

[This is another complication that needs to be added to the discussion in 4.7;
don't think I hit it]

4.7 - discussion about delta CRL's.
This seems to be a discussion about 2 recommendations:
1) CA's - publish your CRL's directly to the (some) OCSP responder(s)
2) use delta CRL's to reduce size

Can we slim down those 2 paras to essentially say just that?

There is a need for a CRL req doc to pick up the more detailed argument.

Prev by Date: Re: [caops-wg] OCSP requirements - final(?) version uploaded
Next by Date: [caops-wg] Separating the OCSP doc comments into separate threads -- watch out!
Previous by thread: Re: [caops-wg] OCSP requirements - final(?) version uploaded
Next by thread: [caops-wg] Agendas for GGF
Index(es):
- Date
- Thread