On 19/09/2019 21:01, Ryan Sleevi wrote:
>     It would be helpful for one of the relevant documents, or another
>     document, or even an errata, to clarify that OCSP services can be
>     offered for pre-certificates.  It’s merely a question of clarifying
>     the technical requirements about how an OCSP service should operate,
>     as those requirements currently can be read to not allow OCSP
>     responses for non-certificates.
> I'm still not sure I agree with the conflict, which is the key. In 
> either event, we're arguably discussing a profile / the operational 
> constraints specific to a given CA, and not something general with the 
> protocol. Whether or not a pre-certificate is treated as equivalent 
> issuance is, ultimately, a policy question.

Tim, Ryan,

I just started a thread on the TRANS list about this.  Please could I 
ask you to take this discussion there?

Rob Stradling
Senior Research & Development Scientist
Sectigo Limited

dev-security-policy mailing list

Reply via email to