On 27/11/13 13:27, Tim Moses wrote:
Hi Rob. I would say "yes" to this if we thought it might uncover an issue that
needed fixing. Otherwise, we might just be creating a lot of extra work for little
benefit.
What do you think? All the best. Tim.
I have no idea if this would uncover any issues that would need fixing.
But if we're going to scrutinize the commercial software, why wouldn't
we also scrutinize the in-house software?
In-house software isn't any less likely to contain bugs just because it
isn't sold commercially!
On Nov 27, 2013, at 5:08 AM, "Rob Stradling" <[email protected]> wrote:
On 26/11/13 23:46, Rick Andrews wrote:
Folks,
I’m thinking we should also send the survey to vendors of OCSP Responder
software. I know of CoreStreet, and I’ve heard tell of others, but I
don’t know who they are.
Hi Rick. Some CAs have written their own OCSP Responder software in-house. Since it's
for their own use, they're not acting as "vendors", but nonetheless I'd say
that the behaviour of this software is of just as much interest as the behaviour of, say,
Corestreet's software.
Perhaps we need to send the survey to every publicly-trusted CA!
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
wpkops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/wpkops
