Since this is a survey to determine the current state of play, I think it is sensible to survey all the OCSP services that exist, regardless of who wrote the software
regards David On 27/11/2013 14:30, Rob Stradling wrote: > On 27/11/13 13:27, Tim Moses wrote: >> Hi Rob. I would say "yes" to this if we thought it might uncover an >> issue that needed fixing. Otherwise, we might just be creating a lot >> of extra work for little benefit. >> >> What do you think? All the best. Tim. > > I have no idea if this would uncover any issues that would need fixing. > > But if we're going to scrutinize the commercial software, why wouldn't > we also scrutinize the in-house software? > > In-house software isn't any less likely to contain bugs just because it > isn't sold commercially! > >>> On Nov 27, 2013, at 5:08 AM, "Rob Stradling" >>> <[email protected]> wrote: >>> >>>> On 26/11/13 23:46, Rick Andrews wrote: >>>> Folks, >>>> I’m thinking we should also send the survey to vendors of OCSP >>>> Responder >>>> software. I know of CoreStreet, and I’ve heard tell of others, but I >>>> don’t know who they are. >>> >>> Hi Rick. Some CAs have written their own OCSP Responder software >>> in-house. Since it's for their own use, they're not acting as >>> "vendors", but nonetheless I'd say that the behaviour of this >>> software is of just as much interest as the behaviour of, say, >>> Corestreet's software. >>> >>> Perhaps we need to send the survey to every publicly-trusted CA! > _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
