Ryan Sleevi <ryan-ietf...@sleevi.com> wrote:
> On Sat, Apr 22, 2017 at 5:42 PM, Kurt Roeckx <k...@roeckx.be> wrote:
>>
>> So for OCSP of a subordinate CAs there doesn't seem to be any
>> requirement for a nextUpdate.
>>
>
> Correct. This is part of the many asynchronicities related to CRLs and
> OCSP in the BRs (another example:
> https://cabforum.org/pipermail/public/2017-April/010497.html ) for which
> I'd love a consistent and normative profile, for which I have a bit of a
> normative profile already.
>
> My own $.02, however, is that I'm not keen to see such a profile of CA
> behaviour in TLS. It will almost certainly be ignored and/or supplanted.
>

The TLS 1.3 specification isn't the right place to specify what to do with
OCSP responses that do not have a nextUpdate field.

Cheers,
Brian
--
https://briansmith.org/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls