Is there any way I can suck back the last two messages I sent on this thread and pretend they never happened? <sigh> I guess not.
Please ignore my assertions about what the AIA extension does: I was completely wrong. As we were making the AIA extension in the PKIX WG, we discussed multiple proposals, and I quite frankly forgot which one won. The AIA extension, using id-ad-ocsp, tells where to find the OCSP responder that will tell you about *this* certificate, not the certificates issued by this CA (if the extension is in a CA certificate). We never did standardize an extension that says "if you see this in a CA cert and you want to know where to find my OCSP server, it is over *here*".