Explanation of the OCSP sign request


 



Hi,

 

I’m looking for a better understanding of RFC 2560, Online Certificate Status Protocol – OCSP.

 

Section 4.1 defines the ASN.1 structure for the OCSP request. The shortened structure follows.

 

OCSPRequest
   TBSRequest
   OPTIONAL Signature,

 

where the signature is marked as OPTIONAL. That leads to the conclusion that signing of the OCSP request is not required and the implementer of the OCSP client MAY digitally sign that request.

 

But section 2.3, Exception Cases, defines error types, and one of them is “sigRequired”:

 

   The response "sigRequired" is returned in cases where the server
   requires the client sign the request in order to construct a
   response.

 

 

Does it mean that in that case the signature of the request becomes mandatory? Does it mean that OCSP clients that have not implemented OCSP request signing are breaking this RFC?

 

Thanks in advance

 

Robert Hernady

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
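
As an added illustration, not part of the original message: a minimal Python DER reader that checks whether an OCSPRequest carries the optional signature element and decodes the responseStatus of an OCSPResponse, including sigRequired (5). The function names are hypothetical and the byte strings are constructed skeletons, not captured traffic.

```python
# Added example, not from the original message. Definite-length DER only.
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}  # 4 is not used

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 octets here
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def request_is_signed(der):
    """True if the OCSPRequest SEQUENCE has optionalSignature ([0] EXPLICIT = 0xA0)."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    tag, _, pos = read_tlv(body)          # tbsRequest
    if tag != 0x30:
        raise ValueError("tbsRequest must be a SEQUENCE")
    if pos == len(body):                  # nothing after tbsRequest: unsigned
        return False
    tag, _, _ = read_tlv(body, pos)
    return tag == 0xA0

def response_status(der):
    """Name of the OCSPResponseStatus, the first field of OCSPResponse."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("OCSPResponse must be a SEQUENCE")
    tag, val, _ = read_tlv(body)
    if tag != 0x0A or len(val) != 1:      # ENUMERATED, one octet
        raise ValueError("responseStatus must be a one-octet ENUMERATED")
    return STATUS.get(val[0], "unknown(%d)" % val[0])

# Constructed skeletons (empty inner SEQUENCEs stand in for real content).
UNSIGNED_REQ = bytes.fromhex("30023000")          # tbsRequest only
SIGNED_REQ = bytes.fromhex("30063000a0023000")    # tbsRequest + [0] Signature
SIG_REQUIRED_RESP = bytes.fromhex("30030a0105")   # responseStatus = 5, no responseBytes
```

A client that sends unsigned requests can use `response_status` to distinguish sigRequired from the other error statuses and report it, rather than treating the reply as a generic failure.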
