RV: [caops-wg] Re: Grid OCSP proposal
Oscar Manso
o.manso at certiver.com
Mon Mar 21 04:45:29 CST 2005
Olle Mulmo wrote:
> To avoid confusion: Please make use of proper terminology when such is
> defined (for once).
OK, in fact we are attaching a corrected version of the working document
that includes a section called "Definitions", precisely to use a common
technical vocabulary. Also according to our last email, we've deleted
references to the "OCSP Extensions" proposal.
>
> The proper name for the "trust chaining" scenario is called
> "Authorized responder", and the authorization is marked by the CA via
> the inclusion of the ocsp-signing extended key usage.
Thanks, we've already included this in the "Definitions" section.
> [...]
>
> One responder being authorized by multiple CAs is a perfectly legal
> and reasonably common mode of operation. I know of at least one
> commercial software (the one that I wrote...) that supports both the
> case of all CAs signing a single key pair, and the responder having
> multiple signing keys simultaneously, selecting the appropriate on
> depending on which certificate that status is requested for.
We agree, it is also the same implementation that we've done at CertiVeR.
>
> /Olle
Best regards,
Jesus & Oscar.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OCSP_Requirements_for_Grids_jlg.doc
Type: application/msword
Size: 125440 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/caops-wg/attachments/20050321/96b0a015/attachment.doc
More information about the caops-wg
mailing list