Hello, On Thu, Aug 25, 2011 at 4:58 PM, Hugo Vazquez Carames <[email protected]> wrote:
>> Well, in my understanding, it should be implement as an uWSGI, FastCGI or >> SCGI application. The feature is too specific to be part of a general >> purpose Web server my default. > > Do you really think it is too specific? OCSP validation is a core part of > the trust chain of client certificate validation... Anyway, I deeply respect > your opinion. > Think about the increasing number of countries using Electronic National > Identity Cards, and how you can help building a more secure web > environment... We, at work, use something like this[1] with the OCSP servers of DNIe (Electronic National Identity Cards in Spain). Anyway, IMHO, I think it could be interesting to have as an option... No overload on the ssl handshake if you don't enable it, doesn't it? [1] http://php.net/manual/en/book.openssl.php#85444 -- Saludos: Antonio Pérez _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
