[caops-wg] Issue with OCSP through HTTP caches
jluna at ac.upc.edu
jluna at ac.upc.edu
Wed Apr 26 02:19:54 CDT 2006
Exactly, in fact IETF Draft's "Lightweight OCSP Profile for High Volume
Environments" in section "5.2 HTTP Proxies" has an interesting text about this
issue -something which may have been useful to specify also in RFC2560-.
Do you think that it may be worth mentioning it into the OCSP reqs document or
let's just skip it?
Regards,
Oscar & Jesus
Mensaje citado por Matt Crawford <crawdad at fnal.gov>:
>
> On Apr 24, 2006, at 2:39, jluna at ac.upc.edu wrote:
>
> > HTTP Proxying is useful, but the problem may arise from HTTP-caches
> > were a
> > misconfigured server may begin responding OCSP Requests instead of
> > sending them
> > to the OCSP Responder. I think that this is likely to happen when
> > OCP Requests
> > are being send over HTTP/1.0 (i.e. OpenSSL clients?).
>
> It would be very important to know what caching control is being sent
> by the OCSP Responder when the cache first sends the request to it.
>
More information about the caops-wg
mailing list