>Nit-pick: The spec says that one of the listed keys must be used.
>by the same token it means that _any_ of listed signings is valid.

No, you are mis-reading the spec.  It is like saying "the key must be
one of red, yellow, or blue."  That sentence in particular places no
burden on what clients accept.  In particular, choice #2 -- "a trusted
responder known by the client" -- allows the client complete freedom
in determining what OCSP signer it trusts.

>IF Netscape _required_ the first variant, and -rejected- anything
>using variants 2 or 3, then Netscape is not following the specification.
>Which is what the previous writer seems to be implying.

The original writer was surprised that Netscape accepted only the silliest
of the three methods.
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]