Dear all, When we discussed the move to actual OCSP deployment for (large numbers of) IGTF CAs last year during OGF, we came up with the idea of writing two documents to facilitate this deployment: * guidelines for IGTF CAs on how to quickly (and correctly) deploy authoritative OCSP responders, which profile to choose, and how to generate it. Basic on RFC5019 'light-weight' OCSP, but then with some documents and tooling to actually know what to do * a guide for relying parties (and software coders) on how to set up their software and site to make use of OCSP services without causing an effective DDoS against the CAs. We had foreseen a discussion in Rome on progressing the OCSP effort, and we now face the sad duty of having to do that without Milan's guidance. At least we should try and make some progress, relying on good examples and hopefully leveraging some of Scott knowledge on 'real world' deployment. It is also a topic which for which the documents can be partly IGTF (where they concern policy and operations), and partly OGF CAOPS-WG (where they concern profiling and standards). I've made a basic and simple start with two Wiki pages: http://wiki.eugridpma.org/Main/OCSPDeploymentGuidelines http://wiki.eugridpma.org/Main/OCSPProfileForIGTFCAs one for each document. I propose we review these during the Monday session next week. Those in CAOPS who want to join at this stage, you're welcome any time -- the meeting will have video connectivity open for these discussions (hoping the video works). It will definitely also be a topic for OGF in Charlottesville. Details of the video conf will be at <https://www.eugridpma.org/meetings/2013-01/#video> Best regards, DavidG. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **