I think Oscar's a bit confused. Richard wants to say
This is the cert of the OCSP responder I trust
and that *is all* he wants to say. He does not want/need to verify the
chain of certs from the responder. (It could be self-signed, it
could be he has out of band information, etc.) In my experiences,
Richard's use model is the most common method of OCSP deployments.
Stephen's comments about adding the CA to the trust list are a bit
worrisome.
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Re: cvs commit: openssl/crypto/ocsp ocsp.h o... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Oscar Jacobsson
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... rsalz
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp... Oscar Jacobsson
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp ocs... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/ocsp ocs... Dr S N Henson
- Re: cvs commit: openssl/crypto/ocsp... Richard Levitte - VMS Whacker
