Exactly, in fact IETF Draft's "Lightweight OCSP Profile for High Volume Environments" in section "5.2 HTTP Proxies" has an interesting text about this issue -something which may have been useful to specify also in RFC2560-. Do you think that it may be worth mentioning it into the OCSP reqs document or let's just skip it? Regards, Oscar & Jesus Mensaje citado por Matt Crawford <crawdad@fnal.gov>:
On Apr 24, 2006, at 2:39, jluna@ac.upc.edu wrote:
HTTP Proxying is useful, but the problem may arise from HTTP-caches were a misconfigured server may begin responding OCSP Requests instead of sending them to the OCSP Responder. I think that this is likely to happen when OCP Requests are being send over HTTP/1.0 (i.e. OpenSSL clients?).
It would be very important to know what caching control is being sent by the OCSP Responder when the cache first sends the request to it.