> Hmmm. Doesn't this get really complicated?
It can, yes.
One approach would be for the signer to include an OCSP response "with"
the document they are signing. The OCSP nonce should be a hash of the
document being signed.
> I suppose someone is thinking about how to do all this...
We are all making it up as we go along. More or less.
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Re: "Suspending" certificate Rich Salz
- Re: "Suspending" certificate Yuji Shinozaki
- Re: "Suspending" certific... Rich Salz
- Re: "Suspending" certific... Richard Levitte - VMS Whacker
- Re: "Suspending" cert... Mads Toftum
- Re: "Suspending" ... Oscar Jacobsson
- Re: "Suspending" certificate Massimiliano Pala
- RE: "Suspending" certificate Bernard Dautrevaux
- Re: "Suspending" certific... Rich Salz
- RE: "Suspending" certificate Bob McConnell
- Re: "Suspending" certificate Peter Sylvester
