Hi, I'm looking for a better understanding of RFC 2560, Online Certificate Status Protocol – OCSP. Section 4.1 defines the ASN.1 structure for the OCSP request. The shortened structure follows.

OCSPRequest
    TBSRequest
    OPTIONAL Signature

where the signature is marked as OPTIONAL. That leads to the conclusion that signing of the OCSP request is not required and the implementer of the OCSP client MAY digitally sign that request.

But section 2.3, Exception Cases, defines error types, and one of them is "sigRequired": The response "sigRequired" is returned in cases where the server requires the client sign the request in order to construct a response. Does it mean that in that case the signature of the request becomes mandatory? Does it mean that OCSP clients that have not implemented OCSP request signing are breaking this RFC?

Thanks in advance,
Robert Hernady