Klaas Wierenga wrote:

> 4.5.1.3 server credential revocation checking
> 
> Perhaps with the exception of the Grid community there is no use of
> OCSP (let alone SCVP) as far as I know, and popular implementations
> of SSL don't implement it. I understand the requirement but I am
> afraid this is too restrictive and may be prohibitive for
> implementers. I would suggest changing the MUST to SHOULD and 
> leave out the paragraph about OCSP and SCVP.

All the most common web browsers (such as Firefox, IE, Safari, 
and Opera) support OCSP.

(However, AFAIK they don't support the "certificate_status" TLS extension,
so you need network connectivity to check OCSP -- obviously a problem 
for EAP methods used for network access authentication...)

Best regards,
Pasi
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
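An added example, not part of the original message: a check for whether a TLS client asks for a stapled OCSP response, which is what would let an EAP peer verify revocation before it has network connectivity. It assumes the RFC 6066 names, where the ClientHello extension is `status_request` (type 5) and the server answers with a CertificateStatus handshake message; the helper names and the sample ClientHello bytes are constructed for illustration.

```python
STATUS_REQUEST = 5  # ExtensionType status_request (RFC 6066)
OCSP = 1            # CertificateStatusType ocsp

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector at pos; return (data, next_pos)."""
    start = pos + len_bytes
    if start > len(buf):
        raise ValueError("truncated length field")
    end = start + int.from_bytes(buf[pos:start], "big")
    if end > len(buf):
        raise ValueError("truncated vector")
    return buf[start:end], end

def client_hello_extensions(hs):
    """Map extension type -> extension data for one ClientHello message."""
    if not hs or hs[0] != 1:               # HandshakeType client_hello
        raise ValueError("not a ClientHello")
    body, _ = _vec(hs, 1, 3)                # 3-byte handshake length
    pos = 2 + 32                            # client_version + random
    for len_bytes in (1, 2, 1):             # session_id, cipher_suites, compression
        _, pos = _vec(body, pos, len_bytes)
    exts = {}
    if pos < len(body):                     # the extensions block is optional
        block, _ = _vec(body, pos, 2)
        p = 0
        while p < len(block):
            etype = int.from_bytes(block[p:p + 2], "big")
            data, p = _vec(block, p + 2, 2)
            exts[etype] = data
    return exts

def offers_ocsp_stapling(hs):
    """True if the client asks for a stapled OCSP response."""
    data = client_hello_extensions(hs).get(STATUS_REQUEST)
    return bool(data) and data[0] == OCSP

# Constructed sample messages (hypothetical, not captured traffic).
def _ext(etype, data):
    return etype.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data

def build_hello(extensions=b""):
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        body += len(extensions).to_bytes(2, "big") + extensions
    return b"\x01" + len(body).to_bytes(3, "big") + body

SNI = _ext(0, b"\x00\x0e\x00\x00\x0bexample.org")
STAPLE = _ext(STATUS_REQUEST, b"\x01\x00\x00\x00\x00")  # ocsp, empty lists

if __name__ == "__main__":
    for name, hello in (("with status_request", build_hello(SNI + STAPLE)),
                        ("without", build_hello(SNI))):
        print(name, "->", offers_ocsp_stapling(hello))
```

A client that returns False here can only learn revocation status by contacting the OCSP responder itself.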
