I am currently implementing the "Certificate Status Request" extension (RFC4366) for NSS. The primary use of this implementation will be OCSP verification of certificates presented by SSL websites.
For the general Internet context, I am unable to find a case where a client should specify a non-empty responder_id_list. But in any case, say that the client does specify a responderID (to a general SSL webserver), what is the server supposed to do?

The responderID is supposed to be either 1) the hash of the responder public key, or 2) a name (convention appears to be SubjectName of the responder). Unless convention for a responderID "name" is an AIA URL (and clients use a URL over a hash), the webserver will have to be pre-configured to determine appropriate end-points for each possible responder.

What is the recommended way to specify responderIDs?

nagendra
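
The wire layout the question refers to, as an added example that is not part of the original post and is not NSS code: a bounds-checked parser for the `status_request` extension data of RFC 4366 section 3.6 that counts the entries in responder_id_list and classifies each DER-encoded ResponderID as byName or byKey. The function names and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RID_BY_NAME = 1, RID_BY_KEY = 2 };

/* Constructed samples: an empty responder_id_list, and a list holding one
 * byKey ResponderID whose 20-byte key hash is all zeros. */
static const uint8_t SAMPLE_EMPTY[] = { 0x01, 0x00,0x00, 0x00,0x00 };
static const uint8_t SAMPLE_BYKEY[] = { 0x01, 0x00,0x1A, 0x00,0x18,
    0xA2,0x16, 0x04,0x14, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0x00,0x00 };

/* Read a big-endian uint16 length prefix; caller guarantees *pos <= len. */
static int read_u16(const uint8_t *b, size_t len, size_t *pos, size_t *out) {
    if (len - *pos < 2) return -1;
    *out = ((size_t)b[*pos] << 8) | b[*pos + 1];
    *pos += 2;
    return 0;
}

/* Returns the number of ResponderIDs, or -1 if the data is malformed.
 * kinds[] receives RID_BY_NAME / RID_BY_KEY for the first `max` entries. */
int parse_status_request(const uint8_t *b, size_t len, int *kinds, size_t max) {
    size_t pos = 0, list_len, id_len, ext_len, end;
    int n = 0;
    if (len < 1 || b[pos++] != 0x01) return -1;      /* status_type: ocsp(1) */
    if (read_u16(b, len, &pos, &list_len) || list_len > len - pos) return -1;
    end = pos + list_len;
    while (pos < end) {                              /* opaque ResponderID<1..2^16-1> */
        if (read_u16(b, end, &pos, &id_len) || id_len < 1 || id_len > end - pos) return -1;
        /* DER CHOICE tag: [1] byName = 0xA1, [2] byKey = 0xA2 */
        int kind = b[pos] == 0xA1 ? RID_BY_NAME : b[pos] == 0xA2 ? RID_BY_KEY : 0;
        if (!kind) return -1;
        if ((size_t)n < max) kinds[n] = kind;
        n++;
        pos += id_len;
    }
    /* request_extensions<0..2^16-1> must consume the remaining bytes exactly */
    if (read_u16(b, len, &pos, &ext_len) || ext_len != len - pos) return -1;
    return n;
}

int main(void) {
    int kinds[4] = {0};
    printf("empty list: %d IDs\n", parse_status_request(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY, kinds, 4));
    int n = parse_status_request(SAMPLE_BYKEY, sizeof SAMPLE_BYKEY, kinds, 4);
    printf("byKey sample: %d ID, kind %d\n", n, kinds[0]);
    return 0;
}
```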