On 5/6/2014 9:36 PM, Florian Weimer wrote: > On 04/02/2014 01:19 AM, Xuelei Fan wrote: >> Here is the updated version: >> http://cr.openjdk.java.net/~xuelei/8034248/jep-csre-v01.txt >> >> Updated the description section and a few words so that it is easier to >> understand. > > I think the server side would benefit from an API which allows code to > directly supply the OCSP response to be stapled, perhaps as part of the > extended trust manager. > Typically, OCSP response is time-variant. Ideally, the response should be retrieved and updated internally, in time and automatically. For the first stage, I only want to implement the essential feature, and keep the footprint as small as possible.
Thanks, Xuelei
