1. a CA issues both long life leaf cert with OCSP endpoint and 5 day one without any OCSP AIA in it, what OCSP reponsder can/should answer for short life certificate?
2. Can a intermediate CA run two sharded OCSP responder, splited by last bit of serial number and fill AIA with currect one? if allowed, can odd.ocsp.ca.com answer "unused" at all even serial number and not considered bindingly revorked? -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/15efac23-b724-4b37-a2ed-3d08f60f2ccan%40mozilla.org.
