Just a quick thought that I don't want to lose.
Maybe it would be a reasonable middle-ground to define:
- for intermediate CAs, OCSP information is published in DNS
- for servers, we use OCSP stapling
(Rob, thanks for your response, I'm still digesting.)
Regards
Kai
--
dev-tech-crypto mailing
On Wednesday 07 Dec 2011 04:19:09 Kai Engert wrote:
snip
I haven't researched, but has anyone already thought of distributing
OCSP records using DNS in general?
If we had OCSP-in-DNS, we might not even require OCSP stapling. This
could run as a service completely independent of the SSL