Hol@ all, Before replying to Mike's last email I'd like to take the chance and elaborate a little about the OCSP Policy mentioned in the following text.... Mike Helm wrote:
Jesus Luna writes:
In slide 4 of the presentation "OCSP-GGF15.ppt" three different OCSP discovery mechanisms are mentioned to validate user and Proxy Certificates; in this case we agree with them (in fact the first two are referenced in some way in secton "4.4 Responder discovery"), however it could be convenient to mention also the possibility of using the multicited OCSP Policy to accomplish such configuration at the relying
What is the "multicited OCSP policy"?
In this document we have been referencing a way to configure the set of Grid OCSP options to use in these environments. According to section "9. Other considerations", such rules could be contained into what we have mentioned in our response as "OCSP policy" and furthermore has been implemented in OGRO as the "OCSP Validation Policy" which is explained in the following page: http://globus-grid.certiver.com/info/ogro/download.html Under the header: "Building customized OCSP Validation Policies in OGRO" We have found it to be a good option to customize the behaviour of your Grid OCSP client taking into consideration all the parameters that "play in this field". Such policy is still "in diapers" (as we use to say in spanish!) which means that it is in a very, very early stage and furthermore the version in the Web page doesn't contain the "prevalidation" concept mentioned in one of our previous emails, however we expect to further enhance it as community comments arrive ;) Salut, -- <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> o o o Jesus Luna Garcia | Polytechnic University of Catalonia o o o PhD Student | Department of Computer Architecture o o o phone: +34 93 401 7187 | Campus Nord. www.ac.upc.es U P C fax: +34 93 401 7055 | C/Jordi Girona 1-3, Modul D6-116 E-mail: jluna@ac.upc.es | Barcelona 08034 SPAIN <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>