Using OCSP transfer the complexity of CRL processing from all clients to
a few servers. Entrust believes in CRLs :), so I don't think they have
an OCSP responder. You'd need to find one that understood the various
CRL extensions used by Entrust. (Or implement it yourself for your
clients, of course.) As for how to find such a product, I would post a
brief note on the IETF PKIX mailing list askign for pointers to a
product that can handle the various Entrust CRLs.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
