InfoMail de ArCERT wrote:
> Hi!
> I´ve been testing ocspd as an "online validator" (responder for
[...]
> wasn´t very lucky getting this bug fixed.
It is an interesting bug [1] ... it seems to me the Mozilla people are more
concerned with details than the actual usability of the NSS... one of the
biggest problems with today PKIs... it should not be that difficult to
have a simple interface for OCSP responder...
> By the way, It would be great if othre OCSP servers could be used as
> certificate status sources, besides CRLs and LDAP.
Yes, I thought about that... it would be interesting to have the capability
to use:
1 - the extension in the certificate so that the OCSP can forward the request
(but this would need the certificate - which is not passed in the OCSP
response)
2 - a new URL option, i.e. instead of using ldap://..../... one could use
ocsp://...
Currently there are no resources available to be put to work on that... but
I can add it to the TODO list...
--- Max
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=338986
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 062 Work Phone: +1 (603) 646-9226
--o------------------------------------------------------------------------
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
