CAs with dual stacked CRL/OCSP servers
rs at seastrom.com
Fri Dec 5 12:06:33 UTC 2014
At $DAYJOB, we have some applications that we would like to be all
hipster and *actually check* for certificate revocation. I know this
is way out there in terms of trendiness and may offend some folks.
Difficulty: the clients are running on single stacked IPv6. We have
recently been advised by our existing CA that they "do not currently
have IPv6 support plan" (sic).
OCSP Stapling sounds like it could be a winner here. Unfortunately,
the software support is not quite ready yet on the platform on either
end of the connection (client or server).
So... we're looking around for a vendor that's taken the time to dual
stack its servers.
More information about the NANOG