Response may be something relatively difficult to standardize. But on the other hand, we would like to point out that such mechanism has been defined in the RFC2560 with the aim to convey additional information on assertions made by the responder. What we find is that even though such generic mechanism has already been proposed on the standard, the document lacks of suggestions about which uses can be given to the extensions in order to suggest directions or services that could improve the validation process.
The minutes should be up soon, but just a few quick comments before GGF shuts down & I lose net access. OCSP defined the idea of extensions, but this wasn't really developed. There was an OCSP v2 proposed ... I think it lost out (but may exist in some form, by the author; that's theonly reason why I say "think" rather than "definitely did"). Instead, IETF PKIX focused on SCVP as a mechanism for advanced info about certs, PKI, and resolving cert issues. W3C settled on XKMS, based on their mechanisms, as a refactoring of PKI in general, and also in the "space" of advanced certificate validation/discovery / &c services. OCSP would be an internal service of one or both of these services. So, it seems to me, we should probably not look to OCSP for interesting extensions, but on one of these other protocols/standards. XKMS would probably fit in better with Globus' web services software development. Thanks, ==mwh Michael Helm ESnet/LBNL