This is a very straightforward update to OCSP. I compiled the ASN.1 module, and it works. Russ > On Mar 20, 2024, at 6:16 AM, The IESG <iesg-secretary@xxxxxxxx> wrote: > > The IESG has received a request from the Limited Additional Mechanisms for > PKIX and SMIME WG (lamps) to consider the following document: - 'Online > Certificate Status Protocol (OCSP) Nonce Extension' > <draft-ietf-lamps-ocsp-nonce-update-04.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > last-call@xxxxxxxx mailing lists by 2024-04-03. Exceptionally, comments may > be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning > of the Subject line to allow automated sorting. > > Abstract > > RFC 8954 imposed the size constraints on the optional Nonce extension > for the Online Certificate Status Protocol (OCSP). OCSP is used for > checking the status of a certificate, and the Nonce extension is used > to cryptographically bind an OCSP response message to a particular > OCSP request message. > > Some environments use cryptographic algorithms that generate a Nonce > value that is longer than 32 octets. This document updates the > maximum allowed length of Nonce to 128 octets. This document also > modifies Nonce section to clearly define the encoding format and > values distinctively for an easier implementation and understanding. > This document is a complete replacement for RFC 8954, obsoleting RFC > 8954 and provides updated ASN.1 modules for OCSP, updating RFC 6960. > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/ > > No IPR declarations have been submitted directly on this I-D. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
