[caops-wg] OCSP - proxy certs
Mike Helm
helm at fionn.es.net
Tue May 31 13:09:19 CDT 2005
Olle Mulmo writes:
> I would say that your responder got confused up by the proxy certs.
> Possbily also that that it is one of the responders that cannot handle
> multi-certificate requests (array count > 1).
I think (guess) it is more likely the latter, but don't know.
I will try to rig up some kind of test that can see what
our demo OCSP responder can do with a couple chained CA's
and an EE cert (probably as close as ESnet can get rite now).
I think what we should do is request developers of client and
OCSP server code support properly parsed multiple cert
OCSP requests but recommend against using them. This sounds
ridiculous but until we fully understand how the commercial
servers work...
More information about the caops-wg
mailing list