I take it that the answer to my question is none. Which is what I suspected. The semantics of "unauthorized" does not give you the basis for such functionality. And 5019 is very widely deployed. I'm going to sep down from this discussion and see how it goes. It is not me you have to convince. It's the community of implementers. /Stefan On 3/26/13 1:39 PM, "Martin Rex" <mrex@xxxxxxx> wrote: >Stefan Santesson wrote: >> What OCSP client are you using that behaves like this? >> >> On 3/26/13 1:09 PM, "Martin Rex" <mrex@xxxxxxx> wrote: >> >> >I would no longer get a popup from my OCSP client that tells my >> >that I'm unauthorized to submit OCSPRequests to that server, and that >> >the server has been moved to a blacklist > >Every sensible implementation of rfc2560 that does not happen to >be based on rfc5019. > >I knew about rfc2560 for several years, but I only learned about the >existence of rfc5019 a few weeks ago -- because of the bogus change >to the "unauthorized" semantics in the rfc2560bis I-D. > > >-Martin