[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OCSP response pre-production

To: "Florian Oelmaier" <oelmaier@xxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: RE: OCSP response pre-production
From: Paul Hoffman / IMC <phoffman@xxxxxxx>
Date: Tue, 30 Sep 2003 11:27:52 -0700
Cc: mmyers@xxxxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 5:45 PM +0000 9/30/03, Florian Oelmaier wrote:

I think in the long run this will harm the security of the protocol. Major software vendors implementing OCSP-clients have to support OCSP caching.

Why? They could just support remembering one bit that says whether or not the server handles nonces. A setting of "don't send a nonce" could be cleared every 100 or so requests, leading to an increase of about 1% of the load for both the client and the server.

--Paul Hoffman, Director
--Internet Mail Consortium

Follow-Ups:
- RE: OCSP response pre-production
  - From: Florian Oelmaier

References:
- RE: OCSP response pre-production
  - From: Florian Oelmaier

Prev by Date: RE: OCSP response pre-production
Next by Date: RE: OCSP response pre-production
Previous by thread: RE: OCSP response pre-production
Next by thread: RE: OCSP response pre-production
Index(es):
- Date
- Thread