OK, I'm creating a separate section of questions for OCSP Responders, and aside from the boilerplate 'what versions are in use' question, I have:
- Does your product support RFC 6277, OCSP Algorithm Agility? - Does your product support Lightweight OCSP (RFC 5019)? - What is the behavior if a request is made for a certificate serial number that had not been issued? Any others? -Rick > -----Original Message----- > From: Rob Stradling [mailto:[email protected]] > Sent: Thursday, November 28, 2013 3:00 AM > To: Tim Moses > Cc: [email protected]; Rick Andrews; Ben Laurie > Subject: Re: [wpkops] OCSP Responder Vendors > > On 27/11/13 15:43, Tim Moses wrote: > > Hi Rob. I can't argue with that. > > > > But, isn't our focus more on design choices than implementation > flaws? After all, IETF can help fix problems with protocol design and > configuration, but there is less they can do about bugs. > > > > Generally, I would be supportive of gathering more (rather than less) > information. But, I am also acutely aware that we have to finish the > project on schedule, and we are reliant on the good will of busy > people. > > > > Having said all that, I don't object to sending the survey to all the > CAs in the usual trust anchor lists. > > Hi Tim. Google may soon conduct a survey of all the publicly-trusted > CAs to find out what CA software and OCSP software each CA is using, in > order to find out which CA/OCSP software will need to be updated to > support various features of Certificate Transparency (RFC6962). > > I asked Ben Laurie about this yesterday, and he said he might kick off > a > survey as early as next week. (CC'ing Ben). > > If Google do their survey first, then this will hopefully yield a full > list of OCSP software authors for WPKOPS to survey. :-) > > > But, I wouldn't necessarily give high priority to chasing responses > and analyzing them. > > > > I'm also happy to defer to the group if this is generally viewed to > be of higher priority. > > > > All the best. Tim. > > > >> On Nov 27, 2013, at 9:30 AM, "Rob Stradling" > <[email protected]> wrote: > >> > >>> On 27/11/13 13:27, Tim Moses wrote: > >>> Hi Rob. I would say "yes" to this if we thought it might uncover > an issue that needed fixing. Otherwise, we might just be creating a > lot of extra work for little benefit. > >>> > >>> What do you think? All the best. Tim. > >> > >> I have no idea if this would uncover any issues that would need > fixing. > >> > >> But if we're going to scrutinize the commercial software, why > wouldn't we also scrutinize the in-house software? > >> > >> In-house software isn't any less likely to contain bugs just because > it isn't sold commercially! > >> > >>>>> On Nov 27, 2013, at 5:08 AM, "Rob Stradling" > <[email protected]> wrote: > >>>>> > >>>>> On 26/11/13 23:46, Rick Andrews wrote: > >>>>> Folks, > >>>>> I'm thinking we should also send the survey to vendors of OCSP > Responder > >>>>> software. I know of CoreStreet, and I've heard tell of others, > but I > >>>>> don't know who they are. > >>>> > >>>> Hi Rick. Some CAs have written their own OCSP Responder software > in-house. Since it's for their own use, they're not acting as > "vendors", but nonetheless I'd say that the behaviour of this software > is of just as much interest as the behaviour of, say, Corestreet's > software. > >>>> > >>>> Perhaps we need to send the survey to every publicly-trusted CA! > >> > >> -- > >> Rob Stradling > >> Senior Research & Development Scientist > >> COMODO - Creating Trust Online > >> > > _______________________________________________ > > wpkops mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/wpkops > > > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online > Office Tel: +44.(0)1274.730505 > Office Fax: +44.(0)1274.730909 > www.comodo.com > > COMODO CA Limited, Registered in England No. 04058690 > Registered Office: > 3rd Floor, 26 Office Village, Exchange Quay, > Trafford Road, Salford, Manchester M5 3EQ > > This e-mail and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are > addressed. If you have received this email in error please notify the > sender by replying to the e-mail containing this attachment. Replies to > this email may be monitored by COMODO for operational or business > reasons. Whilst every endeavour is taken to ensure that e-mails are > free > from viruses, no liability can be accepted and the recipient is > requested to use their own virus checking software. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
