[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OCSP response pre-production

To: "Terry Hayes" <thayes0993@xxxxxxx>, "David Engberg" <dave@xxxxxxxxxxxxxx>
Subject: RE: OCSP response pre-production
From: "Michael Myers" <mmyers@xxxxxxxxx>
Date: Thu, 2 Oct 2003 11:43:22 -0700
Cc: <ietf-pkix@xxxxxxx>
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


> -----Original Message-----
> From:  Terry Hayes
>
> . . .
>
> I also agree with Mike that we need to define an
> error that says that a nonce is required for this
> responder.  This error is subject to
> denial-of-service attacks (since it's unsigned),
> but we're already exposed to that in this protocol
> anyway.

Actually, Terry, errors were left unsigned largely to enable
edge servers to respond more effectively to a DOS flood than
might an interior signing server.

Mike

References:
- RE: OCSP response pre-production
  - From: Terry Hayes

Prev by Date: RE: OCSP response pre-production
Next by Date: Re: OCSP response pre-production
Previous by thread: RE: OCSP response pre-production
Next by thread: RE: OCSP response pre-production
Index(es):
- Date
- Thread