Just a quick thought that I don't want to lose.

Maybe it would be a reasonable middle-ground to define:
- for intermediate CAs, OCSP information is published in DNS
- for servers, we use OCSP stapling

(Rob, thanks for your response, I'm still digesting.)

Regards
Kai

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto