> -----Original Message-----
> From: pkix-bounces at ietf.org [mailto:pkix-bounces at ietf.org] On Behalf Of
> Rob Stradling
> Sent: Friday, February 10, 2012 1:50 PM
> To: pkix at ietf.org
> Subject: Re: [pkix] Certificate flag for 'always stapled'
>
> On 10/02/12 18:47, Paul Hoffman wrote:
> <snip>
> > ...although the format of the extension should certainly be reviewed here.
>
> Rather than define a completely new extension, wouldn't it make more
> sense to extend the existing Authority Information Access extension?
>

I think that the use cases that this new extension would serve are still unclear.

> The fields in the AIA extension are accessMethod and accessLocation.
> OCSP is the "method" for both on-line OCSP and stapled OCSP. The main
> difference between the two is the "location" from which the OCSP Response
> is "accessed".
>

In any case overloading AIA might not be a good idea. The interpretation of this extension would differ depending on whether the RP is a TLS client or a TLS server.

> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> _______________________________________________
> pkix mailing list
> pkix at ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
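
The AIA structure discussed in the thread above, as an added example that is not part of the original messages: a minimal DER decoder run over a constructed AuthorityInfoAccess value, listing each entry as an accessMethod OID plus an accessLocation GeneralName. The helper names, the sample bytes and the example.test URLs are constructed for illustration.

```python
# Added example: decode a DER AuthorityInfoAccess value (RFC 5280, section 4.2.2.1).
# AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
# AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
ACCESS_METHODS = {"1.3.6.1.5.5.7.48.1": "id-ad-ocsp",
                  "1.3.6.1.5.5.7.48.2": "id-ad-caIssuers"}
# GeneralName CHOICE tags whose content is an IA5String
STRING_NAMES = {0x81: "rfc822Name", 0x82: "dNSName", 0x86: "uniformResourceIdentifier"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subids, value = [], 0
    for b in body:                          # base-128 digits, high bit set means "more follows"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(value); value = 0
    if not subids:
        raise ValueError("empty OID")
    first = min(subids[0] // 40, 2)         # first two arcs share one subidentifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_aia(der):
    """Return [(accessMethod, GeneralName type, accessLocation), ...]."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    entries, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)
        mtag, method, p = read_tlv(desc, 0)
        ltag, loc, p = read_tlv(desc, p)
        if tag != 0x30 or mtag != 0x06 or p != len(desc):
            raise ValueError("malformed AccessDescription")
        oid = decode_oid(method)
        known = ltag in STRING_NAMES
        entries.append((ACCESS_METHODS.get(oid, oid), STRING_NAMES.get(ltag, hex(ltag)),
                        loc.decode("ascii") if known else loc.hex()))
    return entries

def tlv(tag, body):                         # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body
# Constructed sample: one OCSP entry and one caIssuers entry, both with URI locations.
SAMPLE_AIA = tlv(0x30,
    tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505073001")) + tlv(0x86, b"http://ocsp.example.test")) +
    tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505073002")) + tlv(0x86, b"http://ca.example.test/issuer.cer")))
```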