Is it possible to use OCSP based revocation for web applications ? Documentation is somehow vague.Any hints are highly appreciated.
paul
Subject: Here is the content of one of the slides from my Lotusphere presentation in 2008 (ID208)
Certificate Revocation Checking via OCSPOnline Certificate Status Protocol, RFC 2560
Determine the revocation state of an X.509 certificate
More timely information than CRLs, no CRL cache required
Enhances security for:
S/MIME signature verification
S/MIME encrypted sender verification
SSL certificate verification
OCSP client support, not an OCSP responder
Third-party OCSP responders can be configured to return information from CRLs issued by the IBM Lotus® Domino® CA
OCSP must be enabled to be used
Security policy for the IBM Lotus® Notes® client
OCSP_RESPONDER, OCSP_LOGLEVEL, OCSP_CERTSTATUS notes.ini variables for a Domino server
Strict OCSP configuration may cause difficulties for off-line users
Subject: That means yes ?
Thanks for response.Do you have any examples ?
Do you know anybody who is actually using that ?
Best regards
paul
Subject: Would need more information about your environment…
Without more information about your environment and what you are trying to do, I can’t state definitively what will work for you and what won’t. And developers aren’t the right folks to ask for customer reference accounts, but somebody on this forum or the 8.0 forum might volunteer their own information.