[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: response to unauthorized OCSP reques

To: ietf-pkix@xxxxxxx
Subject: RE: response to unauthorized OCSP reques
From: Graham Bland <gbland@xxxxxxxxx>
Date: Tue, 11 Aug 1998 8:38:57 +0000
Sender: owner-ietf-pkix@xxxxxxx

There is a sigRequired error response which specifically covers this 
situation.

Check the version you are looking at this was added recently and is in the 
05 draft.

Graham
 ----------
From: stefan@accurata.se
To: ietf-pkix@imc.org
Subject: response to unauthorized OCSP requests
Date: 10 August 1998 17:34

Just a short question that came up in an internal discussion.

If an OCSP responder requires a signed request and determines that
the request was performed by an unauthorized requestor.

What should he respond?

The closest, malformedRequest, does only concern the syntax of the request.

Should there be an "unautorizedRequest" response as well?

/Stefan
 -------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D                  Tel. +46-40 152211
216 42  Malmö                   Fax. +46-40 150790
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
 -------------------------------------------------------------------

--
Zergo Limited, The Square, Basing View, Basingstoke, Hants. RG21 4EG, UK
Tel: + 44 (0) 1442 342 600    Fax: +44 (0) 1256 812 901
Website:  http://www.zergo.com

Follow-Ups:
- Re: response to unauthorized OCSP reques
  - From: Andreas Berger

Prev by Date: German Key Usage
Next by Date: Re: response to unauthorized OCSP reques
Previous by thread: German Key Usage
Next by thread: Re: response to unauthorized OCSP reques
Index(es):
- Date
- Thread