On 25/09/12 06:25, Ben Laurie wrote:
<snip>
Even a single OCSP Responder could potentially give different responses to
different clients, so I don't think having different Responder URLs in
different chains would create a problem that isn't already there.
This is a fair point. I guess from CT's POV so long as the problem is
made apparent, and we have an issuer to blame, revocation is somebody
else's problem.
Agreed.
To cure this problem we need revocation transparency, of course :-)
Yes!
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
