On 2013-12-26 17:20, Richard Barnes wrote:
> No, you're not reading improperly, they don't exist.
>
> It seems like you could define a "crl" or "ocsp" attribute to carry them,
> though. Should be a short Internet-draft.

Thanx Richard!

https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox

Apart from the privacy issue which mainly relates to users, revocation information stapling should also reduce the need for keeping an additional HTTP port open in server-to-server scenarios like for e-invoicing and e-payments.

If I have the time I may add it to JCS which is my current priority item. A preliminary spec (that should also fit JWS) is that optional OCSP or CRL properties must be supplied as arrays of blobs (ASN.1 DER structures) with length <= number of certificates in the path ("x5c" in JWS) and where each revocation blob is supposed to be on the array-wise matching position with respect to the certificate path array.

Maybe a bit "hackish" but quite simple to implement. Finesse? Who cares :-)

Anders

>
> --Richard
>
>
> On Thu, Dec 26, 2013 at 8:29 AM, Anders Rundgren <[email protected]> wrote:
>
> Pardon me all,
> but I couldn't find any information about OCSP stapling or CRL bags in
> the JOSE docs.
> I guess I'm just not reading properly?
>
> Cheers
> Anders
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
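
The positional rule from the preliminary spec in the message above, sketched as an added example (not code from the thread, JCS or JWS). It assumes a hypothetical "ocsp" header property carrying base64-encoded DER blobs next to "x5c"; the function names are hypothetical too. Because every array entry must be a blob, only trailing positions of the path can go without stapled data.

```python
import base64

def der_total_length(blob: bytes) -> int:
    """Encoded length of the outer DER SEQUENCE (header + content)."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if blob[1] < 0x80:                       # short-form length
        return 2 + blob[1]
    n = blob[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(blob) < 2 + n or blob[2] == 0:
        raise ValueError("invalid DER length")
    value = int.from_bytes(blob[2:2 + n], "big")
    if value < 0x80:
        raise ValueError("non-minimal DER length")
    return 2 + n + value

def pair_stapled_revocation(header: dict, prop: str = "ocsp") -> list:
    """Return [(cert_der, revocation_der or None), ...] in path order."""
    certs = [base64.b64decode(c, validate=True) for c in header["x5c"]]
    blobs = header.get(prop, [])
    if not isinstance(blobs, list) or len(blobs) > len(certs):
        raise ValueError(f"{prop} must be an array no longer than x5c")
    pairs = []
    for i, cert in enumerate(certs):
        blob = None                          # no stapled data for this position
        if i < len(blobs):
            blob = base64.b64decode(blobs[i], validate=True)
            if der_total_length(blob) != len(blob):
                raise ValueError(f"{prop}[{i}] is not exactly one DER structure")
        pairs.append((cert, blob))
    return pairs

# Constructed sample: tiny DER SEQUENCEs standing in for certificates and
# OCSP responses (not real ones); the third path entry has no stapled blob.
_b64 = lambda b: base64.b64encode(b).decode()
SAMPLE_HEADER = {
    "x5c": [_b64(bytes.fromhex(h)) for h in ("3003020101", "3003020102", "3003020103")],
    "ocsp": [_b64(bytes.fromhex(h)) for h in ("30030a0100", "30030a0100")],
}

if __name__ == "__main__":
    for cert, blob in pair_stapled_revocation(SAMPLE_HEADER):
        print(cert.hex(), "->", blob.hex() if blob else "no stapled revocation data")
```

This checks structure only; each paired blob still has to be validated as an OCSP response or CRL covering the certificate at the same index before it is trusted.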
