I think Oscar's a bit confused. Richard wants to say This is the cert of the OCSP responder I trust and that *is all* he wants to say. He does not want/need to verify the chain of certs from the responder. (It could be self-signed, it could be he has out of band information, etc.) In my experiences, Richard's use model is the most common method of OCSP deployments. Stephen's comments about adding the CA to the trust list are a bit worrisome. /r$ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
- Re: cvs commit: openssl/crypto/ocsp ocsp.h o... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Oscar Jacobsson
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... rsalz
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp... Oscar Jacobsson
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker