Hi,
> -----Original Message----- > From: Jean-Marc Desperrier [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 12, 2004 9:16 AM > To: [EMAIL PROTECTED] > Subject: Re: On turning CRL and OCSP checking on by default. > > > Deacon, Alex wrote: > > If an OCSP response has both a thisUpdate and a nextUpdate > value then yes, > > it is a good idea. > > The new, enhanced, internally based on CRL, Verisign OCSP > responder uses > that ? Yes, the new responder will include a nextUpdate, however it is not based on the CRL. (i.e. there is no relationship between the OCSP response dates and the dates in the CRL.) > The old one had no nextUpdate, and a thisUpdate generated for each > request, so locally caching it wasn't really adequate. Correct and agreed. Alex > _______________________________________________ > mozilla-crypto mailing list > [EMAIL PROTECTED] > http://mail.mozilla.org/listinfo/mozilla-> crypto > _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
