OCSP stapling legacy support (#49)
address Rob's comment for [lamps] WGLC for draft-ietf-lamps-rfc5019bis-00
https://mailarchive.ietf.org/arch/msg/spasm/0T34ofAdEnbvryni0kJuVwEPm9U/
CBonnell authored Jan 16, 2024
1 parent 63ad7ab commit 5d7c364
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions draft-ietf-lamps-rfc5019bis.md
@@ -527,6 +527,16 @@ the certificate status request extension mechanism for TLS.
Further information regarding caching issues can be obtained
from {{?RFC3143}}.

To provide support to OCSP clients which do not yet
support the use of SHA-256 for CertID hash calculation, the OCSP
responder MAY include two SingleResponses in the OCSP basic response.
The CertID of one of the SingleResponses uses SHA-1 for the hash
calculation, and the CertID in the other SingleResponse uses SHA-256.
Once clients reliant on or relevant to a given OCSP responder have
migrated to the profile as defined in this specification, OCSP
responders SHALL NOT distribute OCSP responses that contain CertIDs that
use SHA-1.

# Security Considerations {#sec-cons}

The following considerations apply in addition to the security
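
Review bot: The sunset condition in the last sentence of the added paragraph ("Once clients reliant on or relevant to a given OCSP responder have migrated") gives a responder operator no testable trigger for the SHALL NOT, since the text does not say who decides that the relevant clients have migrated or how. Consider stating that the responder operator makes that determination, so the requirement to stop distributing SHA-1 CertIDs has a concrete owner. The paragraph also allows two SingleResponses that differ in CertID hash algorithm but does not say that both describe the same certificate and must carry the same status and validity information. Adding that requirement would keep a SHA-1 client and a SHA-256 client from reading different answers out of the same basic response. Finally, the commit title scopes this to stapling, while the added text never mentions stapling. If the dual-CertID allowance is meant only for responses delivered through the TLS certificate status request extension named in the preceding context, say so in the first sentence.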