[kmf-discuss] PKIX certificate path validation (fwd)
Jan Pechanec
Jan.Pechanec at Sun.COM
Fri Dec 21 15:04:48 PST 2007
On Fri, 21 Dec 2007, Huie-Ying Lee wrote:
> One question about section 4.1 - if responses are included along with the
> certificates, then each certificate in the chain should be covered by one of
> the responses. Correct ?
probably not since there are fields for number of certificates AND
number of OCSP responses. So, even if number of singleResponse records was
to be the same, the draft suggests that more of them could be put into one
OCSP Response. Is it a problem? I guess some preprocessing could easily take
care of that.
on the other hand, it's just a draft. We could try to drive it to
another update - Nico, how that could be done?
thanks, Jan.
--
Jan Pechanec
More information about the kmf-discuss
mailing list