[caops-wg] Issue with OCSP through HTTP caches
Olle Mulmo
mulmo at pdc.kth.se
Wed Apr 26 02:50:21 CDT 2006
I don't see anyone objecting to this being an issue that is worth
adding a note about in the doc.
/O
On Apr 26, 2006, at 09:19, jluna at ac.upc.edu wrote:
> Exactly, in fact IETF Draft's "Lightweight OCSP Profile for High Volume
> Environments" in section "5.2 HTTP Proxies" has an interesting text
> about this issue (something which may have been useful to specify also
> in RFC2560).
> Do you think that it may be worth mentioning it in the OCSP reqs
> document, or should we just skip it?
>
> Regards,
> Oscar & Jesus
>
> Quoting Matt Crawford <crawdad at fnal.gov>:
>
>>
>> On Apr 24, 2006, at 2:39, jluna at ac.upc.edu wrote:
>>
>>> HTTP Proxying is useful, but the problem may arise from HTTP caches
>>> where a misconfigured server may begin responding to OCSP Requests
>>> instead of sending them to the OCSP Responder. I think that this is
>>> likely to happen when OCSP Requests are being sent over HTTP/1.0
>>> (i.e. OpenSSL clients?).
>>
>> It would be very important to know what caching control is being sent
>> by the OCSP Responder when the cache first sends the request to it.
>>
>
>
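
The question raised in the thread, which caching control the OCSP Responder sends, can be checked against the response's validity window. The following Python code is an added example, not part of the original thread: it audits a responder's HTTP headers against the nextUpdate time of the OCSP response. The function names, finding strings and sample headers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

NO_FRESHNESS = "no explicit freshness: a cache may pick its own lifetime"
PAST_NEXT_UPDATE = "cache lifetime extends past the OCSP nextUpdate"
HTTP10_BLIND = "max-age without Expires: HTTP/1.0 caches ignore Cache-Control"

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives

def audit_ocsp_caching(headers, next_update, now):
    """Return findings for one responder reply as a shared cache sees it."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return []  # a conforming HTTP/1.1 cache will not answer on its own
    findings, expiry = [], None
    if cc.get("max-age", "").isdigit():
        expiry = now + timedelta(seconds=int(cc["max-age"]))
    elif "expires" in h:
        try:
            expiry = parsedate_to_datetime(h["expires"])
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            expiry = now  # HTTP treats an invalid date as already expired
    if expiry is None:
        findings.append(NO_FRESHNESS)
    elif expiry > next_update:
        findings.append(PAST_NEXT_UPDATE)
    if "max-age" in cc and "expires" not in h:
        findings.append(HTTP10_BLIND)
    return findings

if __name__ == "__main__":
    # Constructed sample: response produced at 08:00 UTC, nextUpdate one hour later.
    now = datetime(2006, 4, 26, 8, 0, tzinfo=timezone.utc)
    next_update = now + timedelta(hours=1)
    samples = [{}, {"Cache-Control": "max-age=86400"},
               {"Cache-Control": "max-age=600",
                "Expires": "Wed, 26 Apr 2006 08:10:00 GMT"}]
    for sample in samples:
        print(sample, "->", audit_ocsp_caching(sample, next_update, now))
```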