[caops-wg] Which OCSP responder to trust?

Jesus Luna jluna at ac.upc.edu
Wed Jan 25 10:47:55 CST 2006 

Hol@ all,
Before replying to Mike's last email I'd like to take the chance and 
elaborate a little about the OCSP Policy mentioned in the following text....

Mike Helm wrote:

>Jesus Luna writes:
>  
>
>>In slide 4 of the presentation "OCSP-GGF15.ppt"  three different OCSP 
>>discovery mechanisms are mentioned to validate user and Proxy 
>>Certificates; in this case we agree with them (in fact the first two are 
>>referenced in some way in secton "4.4 Responder discovery"), however it 
>>could be convenient to mention also the possibility of using the 
>>multicited OCSP Policy to accomplish such configuration at the relying 
>>    
>>
>
>What is the "multicited OCSP policy"?
>  
>
In this document we have been referencing a way to configure the set of 
Grid OCSP options
to use in these environments. According to section "9. Other 
considerations", such rules could be
contained into what we have mentioned in our response as "OCSP policy" 
and furthermore has been
implemented in OGRO as the "OCSP Validation Policy" which is explained 
in the following page:
http://globus-grid.certiver.com/info/ogro/download.html
Under the header: "Building customized OCSP Validation Policies in OGRO"

We have found it to be a good option to customize the behaviour of your 
Grid OCSP client taking into
consideration all the parameters that "play in this field".

Such policy is still "in diapers" (as we use to say in spanish!) which 
means that it is in a very, very early
stage and furthermore the version in the Web page doesn't contain the 
"prevalidation" concept mentioned
in one of our previous emails, however we expect to further enhance it 
as community comments arrive   ;)

Salut,

-- 

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
o o o Jesus Luna Garcia         |   Polytechnic University of Catalonia
o o o PhD Student               |   Department of Computer Architecture
o o o phone:  +34 93 401 7187   |   Campus Nord. www.ac.upc.es
U P C fax:    +34 93 401 7055   |   C/Jordi Girona 1-3, Modul D6-116
      E-mail: jluna at ac.upc.es   |   Barcelona 08034 SPAIN
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

More information about the caops-wg mailing list