>> The second is, I think, that the EAP server (Authentication Server), would >> run >> an OCSP responder locally so that it can mint it's own staples. >> AFAIK, each certificate can point to a different OCSP signer. > > Does anyone actually do that?
I am aware of some places that generate an OCSP response for the entire population of certificates, and those responsed are distributed to many locations. I am not aware of anyone that distributes the OCSP responder signature private key to multiple locations. Russ _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu