Olle Mulmo wrote:
> To avoid confusion: Please make use of proper terminology when such is
> defined (for once).

OK, in fact we are attaching a corrected version of the working document
that includes a section called "Definitions", precisely to use a common
technical vocabulary. Also according to our last email, we've deleted
references to the "OCSP Extensions" proposal.

>
> The proper name for the "trust chaining" scenario is called
> "Authorized responder", and the authorization is marked by the CA via
> the inclusion of the ocsp-signing extended key usage.

Thanks, we've already included this in the "Definitions" section.

> [...]
>
> One responder being authorized by multiple CAs is a perfectly legal
> and reasonably common mode of operation. I know of at least one
> commercial software (the one that I wrote...) that supports both the
> case of all CAs signing a single key pair, and the responder having
> multiple signing keys simultaneously, selecting the appropriate one
> depending on which certificate that status is requested for.

We agree, it is also the same implementation that we've done at CertiVeR.

>
> /Olle
Best regards,
Jesus & Oscar.
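
The two operating modes discussed in this thread (every CA certifying one responder key pair, or one responder key per CA chosen by the issuer named in the request), sketched as an added example that is not part of the original messages and is not CertiVeR's or Olle Mulmo's code. Certificates are modelled as simple records with constructed values rather than parsed X.509, and all function and variable names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning

@dataclass(frozen=True)
class ResponderCert:
    # Simplified stand-in for an X.509 responder certificate (hypothetical model).
    issuer_name: bytes   # encoded name of the issuing CA
    issuer_key: bytes    # public key of the issuing CA
    key_label: str       # which responder private key this certificate certifies
    ekus: frozenset = frozenset({OCSP_SIGNING_EKU})

def issuer_id(issuer_name, issuer_key):
    # Same pair of hashes an OCSP request's CertID uses to identify the issuer.
    return hashlib.sha1(issuer_name).digest(), hashlib.sha1(issuer_key).digest()

def build_index(certs):
    # Map each authorizing CA to the responder certificate it issued.
    # Certificates without the ocsp-signing EKU carry no authorization and are skipped.
    return {issuer_id(c.issuer_name, c.issuer_key): c
            for c in certs if OCSP_SIGNING_EKU in c.ekus}

def select_signer(index, name_hash, key_hash):
    # Pick the certificate (and thus the key) for the CA named in the request;
    # None means this responder is not authorized for that CA.
    return index.get((name_hash, key_hash))

# Constructed sample CAs: (issuer name, issuer public key).
CA_A = (b"CN=Example CA A", b"ca-a-public-key")
CA_B = (b"CN=Example CA B", b"ca-b-public-key")
CA_C = (b"CN=Example CA C", b"ca-c-public-key")

# Mode 1: every CA certifies the same responder key pair.
SHARED_KEY = build_index([ResponderCert(*CA_A, "key-1"), ResponderCert(*CA_B, "key-1")])
# Mode 2: a separate responder key per CA; CA C's certificate lacks the EKU.
PER_CA_KEYS = build_index([
    ResponderCert(*CA_A, "key-a"),
    ResponderCert(*CA_B, "key-b"),
    ResponderCert(*CA_C, "key-c", frozenset({"1.3.6.1.5.5.7.3.1"})),  # serverAuth only
])

if __name__ == "__main__":
    for name, ca in (("A", CA_A), ("B", CA_B), ("C", CA_C)):
        signer = select_signer(PER_CA_KEYS, *issuer_id(*ca))
        print(name, signer.key_label if signer else "not authorized")
```

A relying party applies the mirror-image check: the certificate that signed the response must carry the ocsp-signing EKU and be issued by the same CA that issued the certificate whose status was requested.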