Re: OCSP responder addresses?

2001-01-06 Thread robert bonomi
Date: Sat, 06 Jan 2001 08:25:57 +0100 (MET) To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: OCSP responder addresses? From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Peter Gutmann) pgut001 That may be a Netscape-ism, in earlier (and possibly still

Re: OCSP responder addresses?

2001-01-06 Thread rsalz
Nit-pick: The spec says that one of the listed keys must be used. By the same token it means that _any_ of listed signings is valid. No, you are mis-reading the spec. It is like saying "the key must be one of red, yellow, or blue." That sentence in particular places no burden on what clients

Re: OCSP responder addresses?

2001-01-06 Thread Dr S N Henson
Richard Levitte - VMS Whacker wrote: From: [EMAIL PROTECTED] (Peter Gutmann) pgut001 That may be a Netscape-ism, in earlier (and possibly still pgut001 current) versions of their OCSP client they did something pgut001 funny like requiring that responses be signed by some CA cert pgut001

Re: OCSP responder addresses?

2001-01-06 Thread Rich Salz
My interpretation of this is that it does not come under the "CA designated responder case" because the responder certificate is signed by the root CA and not the CA that issued the end user certificate which would be the intermediate CA. However I suppose I should ask this on the PKIX list

Re: OCSP responder addresses?

2001-01-05 Thread Peter Gutmann
Michael Ströder [EMAIL PROTECTED] writes: Dr S N Henson wrote: So does anyone have some responder addresses I can test this stuff against? http://www.valicert.com/ocsp/ - you might already know this... Isn't that the one where all the certs (on the interop web page anyway) have expired?

Re: OCSP responder addresses?

2001-01-05 Thread Michael Ströder
Peter Gutmann wrote: Michael Ströder [EMAIL PROTECTED] writes: Can you let me know your test OCSP responders in case they are public? If there are any more they're pretty well hidden, the ones I know of all seem to be either undocumented or by invitation only. Hmm, I found some more

Re: OCSP responder addresses?

2001-01-05 Thread Rodney Thayer
When I asked around at the IETF meeting in San Diego I was told there were at least three separate interoperable implementations, Valicert being one. Verisign should have one. ... So does anyone have some responder addresses I can test this stuff against? http://www.valicert.com/ocsp/ -

Re: OCSP responder addresses?

2001-01-05 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: You might look at Identrus, www.identrus.com, since their requirement for OCSP drove many vendors, and see what partners and vendors they list. That's one of the by-invitation-only ones (they were nice enough to let me use it for interop testing, but I

OCSP responder addresses?

2001-01-04 Thread Dr S N Henson
As some may know I'm currently messing around with the OpenSSL OCSP code. I've reached the point where I can fire off some sample requests to responders using some prototype code: not committed yet. So does anyone have some responder addresses I can test this stuff against? I currently know of

Re: OCSP responder addresses?

2001-01-04 Thread Peter Gutmann
Dr S N Henson [EMAIL PROTECTED] writes: So does anyone have some responder addresses I can test this stuff against? I currently know of two and there must be several more out there. That may be all there are, I was testing this a while back and had a hell of a time finding any responders