[caops-wg] OCSP section 4
Olle Mulmo
mulmo at pdc.kth.se
Thu Jun 2 17:42:49 CDT 2005
In 95%+ of the cases, I would agree with you. However, there is a
discussion about this already in Section 4.2, which concludes that we
cannot make this kind of general judgement (local Trusted responder,
Authorized responder, CRLs) for all deployment scenarios.
I suggest to change the text in 4.7, along the lines of:
In case the Unknown state is returned, it is left to local policy and
application-level logic to determine a suitable action. As a default,
we recommend that applications behave as if they would had they
received a Revoked state with revocationReason certificateHold (that
is, a temporal revocation state).
OK?
/Olle
On Jun 2, 2005, at 18:05, Oscar Manso wrote:
>
> Search revocation information in preference order
> clients should validate local Trusted OCSP responders first,
> Authorized
> OCSP responders next and then CRLs
> First final answer ends the search. (understanding by final answer a
> valid
> or invalid one).
More information about the caops-wg
mailing list