Re: OCSP identifiers
>
> Rather easy. OCSP server may use any information they wish (e.g. a private
> access to a database of the non revoked certificates from the CA (if this
> exists) or CRLs). However, since the requester wants the same kind of
> response whatever source of information is being used, only the common
> denominator of that information should be used to produce the response. In
> particular there should be no assumption that the OCSP server, * for a
> revocation status query *, has access to more information than the one
> contained in a CRL.
>
Are you saying that a responder MUST respond 'good' even if it has
access to the actual cert database and knows that the cert does not
exist?
I think the responder would respond 'unknown' in this case.
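
The two responder behaviours discussed in this thread, as an added Python example that is not part of either message: one responder answers from CRL content only, the other also consults the CA's certificate database. All function names, serial numbers and dates are constructed for illustration.

```python
from enum import Enum


class CertStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"


# Constructed sample data: a CRL lists only revoked serials,
# while the CA database lists every serial the CA has issued.
CRL_REVOKED = {0x1002: "2000-01-15"}
CA_ISSUED = {0x1001, 0x1002}


def crl_only_status(serial, revoked):
    """Responder restricted to CRL content (the 'common denominator').

    A CRL cannot distinguish an issued, unrevoked certificate from a
    serial the CA never issued, so both are reported as 'good'.
    """
    return CertStatus.REVOKED if serial in revoked else CertStatus.GOOD


def database_status(serial, revoked, issued):
    """Responder that also consults the CA's certificate database.

    It reports 'unknown' for a serial with no issuance record, which is
    the behaviour the reply suggests.
    """
    if serial in revoked:
        return CertStatus.REVOKED
    if serial not in issued:
        return CertStatus.UNKNOWN
    return CertStatus.GOOD


def divergent_serials(queries, revoked, issued):
    """Serials for which the two responders give different answers."""
    return [s for s in queries
            if crl_only_status(s, revoked) != database_status(s, revoked, issued)]


if __name__ == "__main__":
    for s in (0x1001, 0x1002, 0x9999):
        print(hex(s), crl_only_status(s, CRL_REVOKED).value,
              database_status(s, CRL_REVOKED, CA_ISSUED).value)
```

The only serial on which the two responders disagree is the one with no issuance record, which is the case the question above is about.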