alexandru matei wrote:
I think too that the second alternative is the better one. The reason is simply performance and portability. An OCSPD must answer many requests in big organizations and an additional index.txt is the fastest solution.

2. Having OpenCA to write an additional index.txt when a certificate status is modified and having the daemon to reload the index.txt file when this occurs.

I think that the best approach is the second one. And probably this will solve some problems regarding the synchronization of the imported-exported certificates (Michael, is it?). I also think that the index should be done in export-import.lib at export or import from RA. In this way we can have consistent information about certificates existent in RA and CA databases and their status. This can ease certificates synchronization between RA and CA.
The import/export-problem is not solved by this index.txt because this index.txt must be updated by the RA too if a certificate is suspended. OCSP defines a question "is certificate 123 valid". If the certificate 123 is suspended then the answer must be "no". So export/import is not the component which updates this index.txt.
I think that the index.txt should have the format of OpenSSL, right Max?
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
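
An added illustration, not part of the original message and not OpenCA or OpenSSL code: a lookup over an index.txt in the layout written by OpenSSL's `ca` command (tab-separated status flag, expiry, revocation date with optional reason, hex serial, file name, subject). It shows a suspended certificate, recorded as revoked with reason certificateHold, being answered as not valid. The sample entries and function names are constructed for this example.

```python
from datetime import datetime, timezone

# Constructed sample data. Tab-separated fields per line:
# flag, expiry, revocation[,reason], serial (hex), filename, subject DN.
SAMPLE_INDEX = (
    "V\t301231235959Z\t\t01\tunknown\t/CN=alice.example\n"
    "R\t301231235959Z\t240101120000Z,keyCompromise\t02\tunknown\t/CN=bob.example\n"
    "R\t301231235959Z\t240201120000Z,certificateHold\t7B\tunknown\t/CN=carol.example\n"
    "V\t200101000000Z\t\t04\tunknown\t/CN=dave.example\n"
)

def _parse_time(stamp):
    # 13 characters is UTCTime (YYMMDDHHMMSSZ); otherwise GeneralizedTime.
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def load_index(text):
    """Return {serial_int: (flag, expiry, revoked_at, reason)}."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] not in ("V", "R", "E"):
            raise ValueError(f"malformed index line {lineno}")
        flag, expiry, revocation, serial = fields[:4]
        revoked_at = reason = None
        if flag == "R":
            stamp, _, reason = revocation.partition(",")
            revoked_at = _parse_time(stamp)
            reason = reason or "unspecified"
        table[int(serial, 16)] = (flag, _parse_time(expiry), revoked_at, reason)
    return table

def ocsp_status(table, serial, now=None):
    """Return (status, detail) for one serial number."""
    now = now or datetime.now(timezone.utc)
    entry = table.get(serial)
    if entry is None:
        return ("unknown", None)
    flag, expiry, revoked_at, reason = entry
    if flag == "R":
        # A suspended certificate is listed as R with reason certificateHold,
        # so it is answered as not valid, like any other revocation.
        return ("revoked", reason)
    if flag == "E" or expiry < now:
        # Assumption of this example: expired entries get their own label.
        return ("expired", None)
    return ("good", None)
```

Serial 0x7B is decimal 123, the suspended certificate from the question quoted in the message.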
