Issac Goldstand wrote:
>
> OK... I think I get it... Now, the openssl site mentions an ocsp
> command for openssl, which I would assume would enable it to launch an
> ocsp response server. Firstly, I have openssl-0.9.6c-engine, and yet
> cannot find ocsp by me? Is it part of the planned 0.9.7
OK... I think I get it... Now, the openssl site mentions an ocsp
command for openssl, which I would assume would enable it to launch an
ocsp response server. Firstly, I have openssl-0.9.6c-engine, and yet
cannot find ocsp by me? Is it part of the planned 0.9.7? If so, is
there a stable-lo
Rich Salz wrote:
> An org might consider its CRL private info ("ooh look, Fred must
> have gotten fired")
In private email, I was prompted to explain this better.
The issue is not when ONE cert is revoked, but when a large number, and
you can make guesses about the number range. For exa
There are other differences:
CRL's can be big
An org might consider its CRL private info ("ooh look, Fred must have
gotten fired")
It's hard to *prove* you consulted a CRL; for OCSP use a hash of your
"real" document as the nonce, and save the response.
An OCSP re
is my understanding of the OCSP protocol.
I hope this helps...
Regards
Suram
- Original Message -
From: Issac Goldstand <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 1:17 AM
Subject: newbie question on OCSP
Can someone please help a poor newbie understand
Can someone please help a poor newbie understand exactly what this is
for and how it's used? I've tried looking at the documentation, but I
feel like I'm drowning, probably because I'm trying to understand the
details, but not quite getting the simple stuff,..
Thanks in advance,
Issac
_
