
RE: OCSP response pre-production




At 9:10 PM +0200 9/30/03, Florian Oelmaier wrote:
> > > I think in the long run this will harm the security of the protocol.
> > > Major software vendors implementing OCSP-clients have to support
> > > OCSP caching.
> >
> > Why? They could just support remembering one bit that says whether or
> > not the server handles nonces. A setting of "don't send a nonce"
> > could be cleared every 100 or so requests, leading to an increase of
> > about 1% of the load for both the client and the server.
>
> I know that this is possible. But I don't think many vendors will do it - if you don't write it down into the RFC.

In your earlier message, you said what "major software vendors" had to do, and now you are saying what vendors won't do. I was pointing out that they didn't have to do what you said, and that they might do something else (that I think is sensible for both the vendor and the customer).


> So if you want such a thing to
> happen, just state it in the RFC please.

Yes, it would be good if we put this in as a MAY-level suggestion.


--Paul Hoffman, Director
--Internet Mail Consortium
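
The "remember one bit, clear it every 100 or so requests" client behaviour discussed in this message, sketched as an added example (not code from the thread or from any OCSP implementation). The class and function names and the responder URL are hypothetical, and "handles nonces" is assumed to mean the responder echoes the nonce in its response.

```python
from dataclasses import dataclass

REPROBE_INTERVAL = 100  # "every 100 or so requests", per the message


@dataclass
class ResponderState:
    """Per-responder memory: the one bit, plus a counter used to expire it."""
    skip_nonce: bool = False
    since_probe: int = 0


class NoncePolicy:
    def __init__(self, reprobe_interval=REPROBE_INTERVAL):
        self.reprobe_interval = reprobe_interval
        self.states = {}

    def want_nonce(self, responder_url):
        st = self.states.setdefault(responder_url, ResponderState())
        if st.skip_nonce and st.since_probe >= self.reprobe_interval:
            st.skip_nonce = False  # clear the bit so the next request probes again
        return not st.skip_nonce

    def record(self, responder_url, sent_nonce, nonce_echoed):
        st = self.states.setdefault(responder_url, ResponderState())
        if sent_nonce:
            # A probe: remember whether this responder handled the nonce.
            st.skip_nonce = not nonce_echoed
            st.since_probe = 0
        else:
            # Nonce-less request: the client has only thisUpdate/nextUpdate
            # to judge the freshness of the response.
            st.since_probe += 1


def simulate(n_requests, responder_echoes_nonce, url="http://ocsp.example.test"):
    """Return how many of n_requests carried a nonce (constructed scenario)."""
    policy = NoncePolicy()
    nonce_requests = 0
    for _ in range(n_requests):
        sent = policy.want_nonce(url)
        nonce_requests += sent
        policy.record(url, sent, nonce_echoed=sent and responder_echoes_nonce)
    return nonce_requests
```

Against a responder that never echoes the nonce, one request in every 101 carries a nonce, which matches the "about 1%" figure in the quoted text.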