Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes: >If you started suggesting that OCSP should start returning actual, >useful information, then somebody might conclude that you get rid of >the certificates all together and just go to a real online transaction >(instead of a psuedo offline infrastructure with most of the downside >of being offline but having most of the overhead of also having online >transaction).
I actually suggested updating OCSP to provide true live status information (akin to the accepted/declined response in CC transactions) a few years ago, but this was violently rejected by PKIX members because that's Not How X.509 Works. One list member in particular became almost hysterical over the suggestion, going so far as to privately petition the WG chair to have the proposal killed (it's public record on the PKIX mailing list, although some of the more extreme hysterics occured in private mail). Peter. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
