RE: clarification about RFC2560.

Selon "yquenechdu <at> linagora.com" <yquenechdu <at> linagora.com>:

> Selon Dave Engberg <dengberg <at> corestreet.com>:
> 
>  
>  If your responder does not have a delegated certificate (with the "OCSP
>  Signing" Extended Key Usage) from each Certificate Authority, then your
>  responder certificate must be explicitly trusted by every client that uses
>  your responder.
>  
>  OCSP clients make this possible by allowing you to specify "explicitly
>  trusted" responder certificates at each client.
>  
>  It is not possible to ask the client to accept your responder cert if that
>  cert is not issued by the CA of the cert they are checking.
>  
Your third sentence seems to conflit with the previous one. is it just a
 miss use or really impossible ?
> 
> Thanks 
> Yannick Quenec'hdu
> 
> > -----Original Message-----
> > From: owner-ietf-pkix <at> mail.imc.org [mailto:owner-ietf-pkix <at> mail.imc.org]
> On
> > Behalf Of yquenechdu <at> linagora.com
> > Sent: Thursday, March 04, 2004 8:38 AM
> > To: ietf-pkix <at> imc.org
> > Subject: clarification about RFC2560.