Review Request of JDK Enhancement Proposal: OCSP stapling
Xuelei Fan
xuelei.fan at oracle.com
Tue May 6 14:05:12 UTC 2014
On 5/6/2014 9:36 PM, Florian Weimer wrote:
> On 04/02/2014 01:19 AM, Xuelei Fan wrote:
>> Here is the updated version:
>> http://cr.openjdk.java.net/~xuelei/8034248/jep-csre-v01.txt
>>
>> Updated the description section and a few words so that it is easier to
>> understand.
>
> I think the server side would benefit from an API which allows code to
> directly supply the OCSP response to be stapled, perhaps as part of the
> extended trust manager.
>
Typically, an OCSP response is time-variant. Ideally, the response should
be retrieved and updated internally, in time and automatically. For the
first stage, I only want to implement the essential feature, and keep
the footprint as small as possible.
Thanks,
Xuelei