I have what may be a well tread topic in the nuances of OCSP Stapling - but after having it posed to me I realized I did not know the answer. Thus, I ask publicly in the hope that there is a simple answer I can point to in the future.
If a CA uses a delegated signer for OCSP, and a website delivers an OCSP Staple... How does the user (talking only to the website) get - The Delegated Signing Cert (which is presumably an Intermediate off a Trust Root) - The revocation information for *that* Intermediate cert thanks, tom _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
