Allow me to add a few points to the recent OCSP-Responder discussion:

OCSP-responder products on the market, from our view:
Computer Associates (OCSPro: closely linked to their CA and directory),
ValiCert (Enterprise Validation Authority: trying to build up a global
validation network, only NT), CertCo (seemingly not too eager to sell
it?), SecuNet? (trying to get an evaluation according to the German
signature act), Globalsign? (in development), VeriSign (own product?),
CeloCom? (there are rumors that they have an OCSP-responder)

On the other hand we also developed an OCSP-Responder product called
CertControl. It is an Apache module and based on openssl-0.9.5a (with our own
OCSP code, not the new one by Steve). The product runs stable and was tested
against Baltimore CA and Toolkit, ValiCert OCSPTEST, Netscape and Syntegra
(former ControlData) Directory (to fetch CRLs). It does not contain all
features we want to see and the code is still beta (with some features very
alpha).

I was allowed to build up an alpha program where you can download the Linux
and Solaris binary versions of our responder to test against it. Please use
the following website: http://62.159.237.22

One of the more interesting features for you is that the responder will
write some files into the /tmp/ directory that show the last request and the
response it sent in both binary and text format. So it should be an ideal
debugging tool for you - even if it does not claim to be 100% finished right
now. If you concentrate on a simple responder functionality (no chaining,
proxying, etc.) it is fast and stable.

I think we will release the responder using some open-source license (sadly
not something BSD or GPL-stylish, but something saying "Free for
non-commercial-use", "changes shall be mailed back to us"). I will inform
you as soon as the source code is open for you to view and use it
(non-commercially).

If you like it, just use it. If you have any questions just send me an
e-mail.
--
Dipl.Inf. Florian Oelmaier
IT Security Development
secaron AG
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Gutmann
> Sent: Friday, January 05, 2001 3:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OCSP responder addresses?
>
>
> Dr S N Henson <[EMAIL PROTECTED]> writes:
>
> >So does anyone have some responder addresses I can test this stuff against? I
> >currently know of two and there must be several more out there.
>
> That may be all there are, I was testing this a while back and had a hell of a
> time finding any responders which were still operational (some have expired
> certs, some are there but not publicly available, and most seem to have either
> shut down or just gone away). I'll send a private reply with more info about
> a private one which let me do some testing. In the meantime if anyone knows
> of an active, publicly available, fully functional OCSP responder I'd be
> interested to hear about it.
>
> Peter.
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]