From: Dr S N Henson <[EMAIL PROTECTED]>

drh> > :-) Actually, for the "Trusted Responder" case, one shouldn't even
drh> > need to handle an OCSP signing certificate. Read that line again, all
drh> > it says is "pubkey". It says absolutely nothing about certificates in
drh> > that particular case. I could as well configure my client software
drh> > with a key.pem that contains exactly this:
drh> >
drh> > -----BEGIN PUBLIC KEY-----
drh> > ...
drh> >
drh> > -----END PUBLIC KEY-----
drh> >
drh> > ... and it should be happy with that. That's what RFC2560 really
drh> > implies. One would just do it via certificates because it's more
drh> > comfortable that way...
drh> >
drh>
drh> There are also problems with just using public keys. You need some way
drh> to determine which public key signed the OCSP response. If the response
drh> doesn't include the signer's certificate and it is identified by the
drh> subject name (which is true in all the examples I've seen so far) then
drh> you can't do that with just the public key.

Of course not. On the other hand, the OCSP servers I've seen being set
up with this mechanism always used byKey, never byName (IIRC).

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken  \ S-168 35 BROMMA   \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN            \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

Re: cvs commit: openssl/crypto/ocsp ocsp.h ocsp_err.c ocsp_vfy.c
Richard Levitte - VMS Whacker Tue, 23 Jan 2001 19:24:55 -0800
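
An added example, not part of the original message and not OpenSSL code: how a client configured with bare "PUBLIC KEY" PEM files could pick the signer key when the response's ResponderID is byKey, and why byName cannot be resolved the same way. The function names and the Ed25519-shaped sample keys are assumptions constructed for illustration; the hash follows the RFC 2560 KeyHash definition (SHA-1 of the public key, excluding tag and length).

```python
import base64, hashlib

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_hash(spki_der):
    """SHA-1 over the subjectPublicKey BIT STRING contents (no tag, length or unused-bits octet)."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    _, _, pos = read_tlv(spki)             # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(spki, pos)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return hashlib.sha1(bits[1:]).digest()

def pem_to_der(pem):
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def select_trusted_key(responder_id, trusted_pems):
    """responder_id is ("byKey", sha1_bytes) or ("byName", der_name); returns a PEM or None."""
    kind, value = responder_id
    if kind != "byKey":
        return None                        # a bare key carries no subject name to compare
    for pem in trusted_pems:
        if key_hash(pem_to_der(pem)) == value:
            return pem
    return None

# Constructed sample keys: Ed25519-shaped SubjectPublicKeyInfo with placeholder key bytes.
def make_sample_pem(raw32):
    der = bytes.fromhex("302a300506032b6570032100") + raw32
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + b64 + "\n-----END PUBLIC KEY-----\n"

KEY_A = make_sample_pem(bytes(range(32)))
KEY_B = make_sample_pem(bytes(range(32, 64)))
```

Matching the hash only selects a candidate key; the response signature still has to verify under that key before the response is trusted.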
