I have been informed off-list that the answer to my question is no, and asked to open a phabricator task to allow for fail-over alternate certificate utilization in the case of revocations via OCSP or revocation list-based revocation.
I am strongly in favor of doing so, but I don't know how to categorize such a task or the group to assign it to. Any ideas?
On Sun, Jan 29, 2017 at 8:32 PM, James Salsman jsalsman@gmail.com wrote:
Are Foundation servers able to withstand Online Certificate Status Protocol certificate revocations, such as might occur according to RFC 5280 when a government agency declares a private key compromised because of secret evidence?