Review Request of JDK Enhancement Proposal: OCSP stapling

Xuelei Fan xuelei.fan at oracle.com
Tue May 6 14:05:12 UTC 2014


On 5/6/2014 9:36 PM, Florian Weimer wrote:
> On 04/02/2014 01:19 AM, Xuelei Fan wrote:
>> Here is the updated version:
>>    http://cr.openjdk.java.net/~xuelei/8034248/jep-csre-v01.txt
>>
>> Updated the description section and a few words so that it is easier to
>> understand.
> 
> I think the server side would benefit from an API which allows code to
> directly supply the OCSP response to be stapled, perhaps as part of the
> extended trust manager.
> 
Typically, an OCSP response is time-variant.  Ideally, the response should
be retrieved and updated internally, in time and automatically.  For the
first stage, I only want to implement the essential feature, and keep
the footprint as small as possible.

Thanks,
Xuelei


