
RE: OCSP response pre-production



> >I think in the long run this will harm the security of the protocol.
> >Major software vendors implementing OCSP-clients have to support 
> >OCSP caching.
> 
> Why? They could just support remembering one bit that says whether or 
> not the server handles nonces. A setting of "don't send a nonce" 
> could be cleared every 100 or so requests, leading to an increase of 
> about 1% of the load for both the client and the server.

I know that this is possible. But I don't think many vendors will do it -
if you don't write it down in the RFC. So if you want such a thing to
happen, just state it in the RFC please.

-- 
Florian Oelmaier
SyTrust
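
Added example, not part of the original message or of any OCSP client: a sketch of the "one remembered bit, cleared every 100 or so requests" heuristic from the quoted text, run against a constructed responder. The names NoncePolicy, simulate and ocsp.example are hypothetical.

```python
import hmac
import os

REPROBE_INTERVAL = 100  # "every 100 or so requests", as proposed in the thread


class NoncePolicy:
    """Per-responder memory: one 'skip nonce' bit plus a request counter."""

    def __init__(self, interval=REPROBE_INTERVAL):
        self.interval = interval
        self.state = {}  # responder -> [skip_nonce, requests_since_probe]

    def should_send_nonce(self, responder):
        st = self.state.setdefault(responder, [False, 0])
        if st[0] and st[1] >= self.interval:
            st[0] = False  # clear the bit so this request probes again
        return not st[0]

    def record_response(self, responder, sent_nonce, response_nonce):
        st = self.state.setdefault(responder, [False, 0])
        if sent_nonce is None:
            st[1] += 1  # nonce-less request: count towards the next probe
        elif response_nonce is None:
            st[0], st[1] = True, 0  # responder ignored the nonce
        elif hmac.compare_digest(sent_nonce, response_nonce):
            st[0], st[1] = False, 0  # responder handles nonces
        else:
            raise ValueError("nonce mismatch: reject the response")


def simulate(total, responder_handles_nonces, responder="ocsp.example"):
    """Count requests that carry a nonce against a constructed responder."""
    policy, with_nonce = NoncePolicy(), 0
    for _ in range(total):
        nonce = os.urandom(16) if policy.should_send_nonce(responder) else None
        # Constructed responder: echoes the nonce only if it handles nonces.
        echoed = nonce if responder_handles_nonces else None
        policy.record_response(responder, nonce, echoed)
        with_nonce += nonce is not None
    return with_nonce


if __name__ == "__main__":
    print(simulate(1000, False), simulate(1000, True))
```

A response accepted without a nonce still has to pass the usual thisUpdate/nextUpdate freshness check.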