certidude icon indicating copy to clipboard operation
certidude copied to clipboard
verified publisher icon laurivosandi

Sign OCSP responses and CRL-s with keypair other than CA-s

Open laurivosandi opened this issue 7 years ago • 0 comments

Since OCSP responses and CRL-s can basically be queried by anyone it would be a good idea to use keypair other than CA-s to sign them, so CA keypair wouldn't be exposed too much (consider timing attacks)

laurivosandi avatar Nov 09 '18 08:11 laurivosandi