[176601] in North American Network Operators' Group
Re: CAs with dual stacked CRL/OCSP servers
daemon@ATHENA.MIT.EDU (Ben Sjoberg)
Fri Dec 5 09:46:22 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <868uim1et2.fsf@valhalla.seastrom.com>
Date: Fri, 5 Dec 2014 08:46:13 -0600
From: Ben Sjoberg <bensjoberg@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Comodo's the only one I know off the top of my head. AAAA records on
both the OCSP and CRL domains.
On Fri, Dec 5, 2014 at 6:06 AM, Rob Seastrom <rs@seastrom.com> wrote:
>
> At $DAYJOB, we have some applications that we would like to be all
> hipster and *actually check* for certificate revocation. I know this
> is way out there in terms of trendiness and may offend some folks.
>
> Difficulty: the clients are running on single stacked IPv6. We have
> recently been advised by our existing CA that they "do not currently
> have IPv6 support plan" (sic).
>
> OCSP Stapling sounds like it could be a winner here. Unfortunately,
> the software support is not quite ready yet on the platform on either
> end of the connection (client or server).
>
> So... we're looking around for a vendor that's taken the time to dual
> stack its servers.
>
> Any leads?
>
> -r
>
