[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cached OCSP responses vs. single entry CRLs

To: Jean-Marc Desperrier <jmdesp@xxxxxxx>
Subject: Re: Cached OCSP responses vs. single entry CRLs
From: Michael Ströder <michael@xxxxxxxxxxxx>
Date: Wed, 10 Dec 2003 17:14:58 +0100
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007

Jean-Marc Desperrier wrote:

I'm a bit sceptic it really works,

So am I.

but if the CRL's IDP is marked critical as it should, maybe a good number of client will duly reject the CRL when they can not support that case.

I saw at least one widely-deployed software of a major vendor simply crash when CRL IDP was marked critical.

Ciao, Michael.

Follow-Ups:
- RE: Cached OCSP responses vs. single entry CRLs
  - From: Santosh Chokhani

References:
- RE: Cached OCSP responses vs. single entry CRLs
  - From: Ryan M. Hurst
- Re: Cached OCSP responses vs. single entry CRLs
  - From: Jean-Marc Desperrier

Prev by Date: RE: Cached OCSP responses vs. single entry CRLs
Next by Date: Re: OCSP in TLS handshake
Previous by thread: RE: Cached OCSP responses vs. single entry CRLs
Next by thread: RE: Cached OCSP responses vs. single entry CRLs
Index(es):
- Date
- Thread