[foaf-protocols] Logging out early w/ OCSP

Nathan nathan at webr3.org
Mon Sep 20 17:19:31 CEST 2010


Awesome find Joe!

On a similar note, I was wondering last night if you'd done any playing 
with SSL Sessions (TLS is stateful) and you've got the SSL_SESSION_ID 
provided by apache - my prelim probably-should-answer-myself question is, 
does the session id remain constant over a set of requests, or is each 
new request a new TLS session (talking HTTP+TLS specifically here).

Best, and again, nice find/thinking,

Nathan

Joe Presbrey wrote:
> Do your WebID IdPs implement OCSP?
> 
> http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
> 
> On a public terminal, it seems I can ask for a 30-minute session
> (literally with X509 enddate/notAfter) but I can't end it early
> without OCSP.
> 
> I would think my IdPs should send OCSP denials for requests for my
> temporarily-issued cert after I click my IdP's Logout button.
> 
> Apache implements OCSP:
> http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable
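
The logout-by-revocation idea discussed in this thread, modelled as an added example (not code from the thread, from Apache, or from any IdP). The class names, the 300-second response validity and the relying party's status cache are assumptions of the model; it shows that a cached "good" status delays the logout until nextUpdate, while an uncached check sees it at once.

```python
from dataclasses import dataclass, field

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"

@dataclass
class IdPResponder:
    """Hypothetical IdP: issues short-lived certs, answers status queries."""
    issued: dict = field(default_factory=dict)    # serial -> notAfter (seconds)
    revoked: dict = field(default_factory=dict)   # serial -> revocation time

    def issue(self, serial, now, lifetime=1800):  # 30-minute session cert
        self.issued[serial] = now + lifetime
        return self.issued[serial]

    def logout(self, serial, now):                # the IdP's Logout button
        self.revoked[serial] = now

    def status(self, serial, now, validity=300):
        """Return (certStatus, nextUpdate); validity is an assumed value."""
        if serial not in self.issued:
            return UNKNOWN, now + validity
        if self.revoked.get(serial, now + 1) <= now:
            return REVOKED, now + validity
        return GOOD, now + validity

@dataclass
class RelyingParty:
    """Hypothetical server; caching until nextUpdate is a modelling choice."""
    idp: IdPResponder
    cache: dict = field(default_factory=dict)     # serial -> (status, nextUpdate)

    def accept(self, serial, not_after, now, use_cache=True):
        if now >= not_after:
            return False                          # notAfter still bounds the session
        hit = self.cache.get(serial)
        if not (use_cache and hit and now < hit[1]):
            hit = self.cache[serial] = self.idp.status(serial, now)
        return hit[0] == GOOD                     # fail closed on revoked/unknown

def demo():
    idp = IdPResponder()
    caching, strict = RelyingParty(idp), RelyingParty(idp)
    serial = 0x1001                               # constructed sample serial
    not_after = idp.issue(serial, now=0)
    seen = [caching.accept(serial, not_after, now=60)]    # before logout
    idp.logout(serial, now=120)
    seen.append(caching.accept(serial, not_after, now=180))  # stale cached "good"
    seen.append(strict.accept(serial, not_after, 180, use_cache=False))
    seen.append(caching.accept(serial, not_after, now=400))  # cache expired
    return seen
```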


