Mike Helm <helm@fionn.es.net> wrote:
jluna@ac.upc.edu writes:
We have been aware of the adoption of an OCSP client into a new MyProxy release, and on the other hand OGRO is about to be submitted for evaluation as a patch to Globus' Java core. Maybe it's a good time to push the document again, isn't it?
yes.
I agree. I've found the OCSP Requirements for Grids document useful for my work adding OCSP support to MyProxy (http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=281) and the GT C GSI libraries (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4788), and I'd like to see it published as a GGF draft. One comment I'll make is the MyProxy example in the appendix is odd considering the recommendation elsewhere in the document not to include proxy certificates in OCSP requests.
what's the general capability of the myproxy ocsp client, or its intended application &c? thanks, ==mwh
In an upcoming MyProxy release, it will be possible to configure the myproxy-server to check certificate status via OCSP for stored credentials before delegating a proxy certificate from those credentials. -Jim