3.1.5 Processing Events and Sequencing Rules

OCSP request creation MUST adhere to [RFC5019] section 2.1.<3>

When an OCSP Extensions client processes the response from a responder, it enforces that the response is signed by one of the following keys:

  • The private key that was used to sign the inspected certificate.

  • A private key with a corresponding certificate that was signed by using the same private key that was used to sign the inspected certificate.