Hello. The discussion has been a little quiet for some time. I'm including a new version of the document. Here are some comments: -- I've removed several occurrences of "suspend" and "suspended" basicly in contexts like "revoked and suspended". IMO suspension is just a special case of revocation. -- Section 2, p.2 removed redundant "or invalidated" from "revoked or invalidated" in -- corrected spelling of "openssl" to "OpenSSL" throughout the document -- removed (mostly my) comments from the document -- Section 3, p.3: Removed point about "establishing of authorized OCSP responders between Grid CAs" being the way to achieve interoperability and "trust relationships among Grid PKIs" - it didn't make much sense to me -- Section 3, p.3: Removed point making requirements on the OCSP service provider - I think it belongs into "Requirements" section. -- Section 5.4, p.5: crosslink to Section 4 removed "Another Responder discovery solution consist of configuring a Global OCSP Redirector per domain in charge of redirecting the relying party's OCSP request according to specified parameters (i.e. OCSP load, network traffic, availability, etc.)." - it is just a special case of a local trusted responder. -- Section 5.7 "Revoked with status Suspended or OnHold" -> "...with revocationReason certificateHold..." -- Section 6.2 Crosslink to Section 4 -- Section 6.6 reverted the section back to Olle's version. The modified version did not make much sense to me -- Section 10 is empty - I didn't succeed to persuade my OpenOffice to get rid of it ;( -- Section 11 I'm not sure whether the statement of OCSP policies and Grid Services fits inot the document spirit... -- Section 14 replaced the Authorized Responder definition by a citation form RFC2560 - are we really going to have a Definitions section? If so, it would probably look better if we include some more of them ;) Regards -- Milan Sova sova@cesnet.cz