On Fri, Sep 20, 2019 at 9:58 AM Rob Stradling <r...@sectigo.com> wrote:

> On 19/09/2019 21:01, Ryan Sleevi wrote:
> <snip>
> >     It would be helpful for one of the relevant documents, or another
> >     document, or even an errata, to clarify that OCSP services can be
> >     offered for pre-certificates.  It’s merely a question of clarifying
> >     the technical requirements about how an OCSP service should operate,
> >     as those requirements currently can be read to not allow OCSP
> >     responses for non-certificates.
> >
> >
> > I'm still not sure I agree with the conflict, which is the key. In
> > either event, we're arguably discussing a profile / the operational
> > constraints specific to a given CA, and not something general with the
> > protocol. Whether or not a pre-certificate is treated as equivalent
> > issuance is, ultimately, a policy question.
> Tim, Ryan,
> I just started a thread on the TRANS list about this.  Please could I
> ask you to take this discussion there?

I've replied there as to why I think it belongs here, and is inappropriate
for there.
dev-security-policy mailing list

Reply via email to