[foaf-protocols] Logging out early w/ OCSP

Nathan nathan at webr3.org
Mon Sep 20 17:19:31 CEST 2010

Awesome find Joe!

on a similar note, I was wondering last night if you'd done any playing 
with SSL Sessions (TLS is stateful) and you've got the SSL_SESSION_ID 
provided by apache - my prelim probably-should-answer-myselfquestion is, 
does the session id remain constant over a set of requests, or is each 
new request a new TLS session (talking HTTP+TLS specifically here).

Best, and again, nice find/thinking,


Joe Presbrey wrote:
> Do your WebID IdP's implement OCSP?
> http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
> On a public terminal, It seems I can ask for a 30-minute session
> (literally with X509 enddate/notAfter) but I can't end it early
> without OCSP.
> I would think my IdP's should send OCSP denials for requests for my
> temporarily-issued cert after I click my IdP's Logout button.
> Apache implements OCSP:
> http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable

More information about the foaf-protocols mailing list