䐼噉氠湡㵧湥甭汣獡㵳畏汴潯䵫獥慳敧效摡牥愠楬湧∽敬瑦•䥄㵒䰢剔㸢㰠剈琠扡湩敤㵸ⴢ∱‾䘼乏⁔慆散∽≔匠穩㵥㈢㸢㰠㹂㱆䈯‾⁆⁛䈼㹒㰠㹂㱓䈯‾㱗剂‾䈼吾⼼㹂椠䈼㹒†䈼匾⼼㹂匠䈼㹒†㰠䘯乏㹔⼼䥄㹖䐼噉㰾剂㰾䐯噉
SCVP draft 15, section 4.8 replyObjects, CertReply structure:
- If server chooses replyStatus as
MalformedPKC (3), MalformedAC (4), UnrecognizedCertPolicy (5) or
UnrecognizedExtension (7), how is it possible to set ReplyChecks and/or
ReplyWantBacks in this case?
[TF] Since there are all errors, then there is no replycheks
or wantbacks to retutn.
- If server chooses replyStatus as
UnrecognizedValPolicy (6), is it possible that server process the whole
request? I think this status code should belong to CVResponse instead of
CertReply
[TF] Fixed in 16.
- If server chooses replyStatus as
CertPathNotValidNow (12) and reason is that server can not connect to
OCSPResponder/LDAPServer and so have no revocation information for the
time being then what should server put in ReplyWantBacks?
[TF] 16 now defines If you get an error connecting to the
server, then unavailable. If the server returns stale data, offline