> Do you have the object identifiers for this?  Do you know of any sources
> of info I can look at about this extension?  I can't find any mention
> of it in RFC 2560.

See section 4.4.6 of RFC 2560 and the last few lines of Appendix B.

>  It is required in the root CA certs or will it
> work with it only added into the issued certs signed by the CA (so
> that the root CA certs don't need any OCSP extensions).

This confuses me.  It sounds like Netscape is saying
        If I see a cert, and it doesn't have an OCSP service locator,
        but it comes from a "root" CA, and that CA Cert has a
        service locator I will query the CA's srvloc for the server
        cert status.
?  If so, that is a non-standard extension to defined behavior.

A cute idea, but non-standard.
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
