Hi,

I am also working on ocsp (not yet but soon;-). I do not understand well
what the ldap is doing in this and what you mean exactly.

You need 2 things for ocsp:
1/ A client that is ocsp aware. That could be mod_ssl patched to be ocsp
aware.
2/ An ocsp server. That could be a cgi (or php script) able to create
ocsp response and decode ocsp request. This could be easily done with
openssl but has nothing to do with mod_ssl.

As you seem to write the part 1 with mod_ssl as client, probably you
will use http as the transport protocol for ocsp too? Why use ldap?

For the part 2 you could use an internal ldap, (or even better, a sql DB)
(behind a firewall !!) but using a public ldap as main repository for
certificate status seems ... not secure or at least less secure than
ocsp could be. The data source for status should be 'trusted' and it is
not the meaning of a public directory.

It's just my idea but of course you do what you want about it.

Marc
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
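The two halves Marc describes (an ocsp-aware client and a responder that decodes requests and signs responses from a trusted internal status source), shown as an added example that is not from the mail or from mod_ssl: it runs both sides offline with the openssl CLI, passing the request and response as files instead of over http. It assumes only that the openssl binary is on PATH; the CA, certificates, serials and index.txt are all constructed inside the script.

```shell
#!/bin/sh
# Added example (not code from the mail or mod_ssl): both halves of OCSP, run
# offline with the openssl CLI. Files stand in for the HTTP transport. Assumes
# only that openssl is on PATH; every certificate and serial is constructed here.
set -eu

# Throw-away PKI: one CA, one certificate reported as good, one as revoked.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -subj "/CN=Test OCSP CA" -days 30 2>/dev/null
    for name in good revoked; do
        openssl req -newkey rsa:2048 -nodes -keyout "$name.key" \
            -out "$name.csr" -subj "/CN=$name.example.test" 2>/dev/null
        openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
            -CAcreateserial -out "$name.pem" -days 30 2>/dev/null
    done
}

# The responder's trusted status source: an "openssl ca" style index.txt (the
# internal database, not a public directory). Tab-separated fields: status
# (V/R), expiry (placeholder, not read here), revocation date[,reason], serial,
# filename, subject.
write_index() {
    good_serial="$(openssl x509 -in good.pem -noout -serial | cut -d= -f2)"
    rev_serial="$(openssl x509 -in revoked.pem -noout -serial | cut -d= -f2)"
    printf 'V\t991231235959Z\t\t%s\tunknown\t/CN=good.example.test\n' \
        "$good_serial" > index.txt
    printf 'R\t991231235959Z\t240101000000Z,keyCompromise\t%s\tunknown\t/CN=revoked.example.test\n' \
        "$rev_serial" >> index.txt
}

# Runs the exchange in a temp dir (a subshell, so the caller's cwd is untouched)
# and prints one verdict line per certificate, e.g. "good.pem: good".
ocsp_exchange() (
    work="$(mktemp -d)"; cd "$work"
    make_test_pki; write_index
    # Part 1, the client: build a DER OCSP request (with a nonce) for both certs.
    openssl ocsp -issuer ca.pem -cert good.pem -cert revoked.pem -reqout req.der
    # Part 2, the responder: decode the request, consult index.txt, sign a response.
    openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key \
        -reqin req.der -respout resp.der
    # Part 1 again, the client: verify the response signature against the CA and
    # print each certificate's status. -no_nonce: this fresh request carries no
    # nonce, so the nonce echoed from req.der is accepted rather than compared.
    openssl ocsp -issuer ca.pem -cert good.pem -cert revoked.pem \
        -respin resp.der -CAfile ca.pem -no_nonce | grep -E '^[a-z]+\.pem: '
    rm -rf "$work"
)

ocsp_exchange
```

Because the responder signs with the issuing CA key itself, -CAfile alone is enough for the client to trust the response; a separate responder certificate would need -VAfile or -verify_other on the client side.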