Olle Mulmo wrote:
To avoid confusion: Please make use of proper terminology when such is defined (for once).
OK, in fact we are attaching a corrected version of the working document that includes a section called "Definitions", precisely to use a common technical vocabulary. Also, according to our last email, we've deleted references to the "OCSP Extensions" proposal.
The proper name for the "trust chaining" scenario is "Authorized responder", and the authorization is marked by the CA via the inclusion of the ocsp-signing extended key usage.
Thanks, we've already included this in the "Definitions" section.
[...]
One responder being authorized by multiple CAs is a perfectly legal and reasonably common mode of operation. I know of at least one commercial software (the one that I wrote...) that supports both the case of all CAs signing a single key pair, and the responder having multiple signing keys simultaneously, selecting the appropriate one depending on which certificate the status is requested for.
We agree; it is also the same implementation that we've done at CertiVeR.
/Olle
Best regards, Jesus & Oscar.
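
The two modes of operation discussed above (one responder key pair certified by several CAs, and one signing key per CA), sketched as an added example that is not part of the original message and is not code from either implementation mentioned. The class names, key labels and byte strings are hypothetical, and SHA-1 is assumed for the CertID issuer hashes.

```python
import hashlib
from dataclasses import dataclass

OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning extended key usage

@dataclass(frozen=True)
class CA:
    name_der: bytes  # constructed stand-in for the DER-encoded subject name
    key_bits: bytes  # constructed stand-in for the public key bits

    def cert_id_hashes(self):
        # An OCSP request identifies the issuer by hashes of its name and key
        return (hashlib.sha1(self.name_der).digest(),
                hashlib.sha1(self.key_bits).digest())

@dataclass(frozen=True)
class ResponderCert:
    issuer: CA       # CA that issued this responder certificate
    key_id: str      # label of the responder private key it certifies
    ekus: frozenset  # extended key usages present in the certificate

class Responder:
    def __init__(self, certs):
        # Only certificates the CA marked with the OCSP-signing EKU authorize us
        self._by_issuer = {c.issuer.cert_id_hashes(): c
                           for c in certs if OCSP_SIGNING in c.ekus}

    def select_signer(self, issuer_name_hash, issuer_key_hash):
        """Return the responder cert (and so the key) for this issuer, or None."""
        return self._by_issuer.get((issuer_name_hash, issuer_key_hash))

# Constructed sample data
CA_A = CA(b"CN=Constructed CA A", b"constructed-key-A")
CA_B = CA(b"CN=Constructed CA B", b"constructed-key-B")
CA_C = CA(b"CN=Constructed CA C", b"constructed-key-C")
EKU = frozenset({OCSP_SIGNING})

# Mode 1: every CA certifies the same key pair; only the certificate differs
SHARED_KEY = Responder([ResponderCert(CA_A, "key-1", EKU),
                        ResponderCert(CA_B, "key-1", EKU)])
# Mode 2: one signing key per CA; CA C's certificate lacks the EKU
PER_CA_KEY = Responder([ResponderCert(CA_A, "key-a", EKU),
                        ResponderCert(CA_B, "key-b", EKU),
                        ResponderCert(CA_C, "key-c", frozenset())])

def signer_for(responder, ca):
    """Look up the signer as a request for a certificate issued by `ca` would."""
    return responder.select_signer(*ca.cert_id_hashes())
```

In both modes the certificate returned with the response must chain to the CA that issued the certificate being queried; a `None` result means the responder is not authorized to answer for that issuer.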