I don't see anyone objecting to this being an issue that is worth adding a note about in the doc. /O On Apr 26, 2006, at 09:19, jluna@ac.upc.edu wrote:
Exactly, in fact IETF Draft's "Lightweight OCSP Profile for High Volume Environments" in section "5.2 HTTP Proxies" has an interesting text about this issue -something which may have been useful to specify also in RFC2560-. Do you think that it may be worth mentioning it into the OCSP reqs document or let's just skip it?
Regards, Oscar & Jesus
Mensaje citado por Matt Crawford <crawdad@fnal.gov>:
On Apr 24, 2006, at 2:39, jluna@ac.upc.edu wrote:
HTTP Proxying is useful, but the problem may arise from HTTP-caches were a misconfigured server may begin responding OCSP Requests instead of sending them to the OCSP Responder. I think that this is likely to happen when OCP Requests are being send over HTTP/1.0 (i.e. OpenSSL clients?).
It would be very important to know what caching control is being sent by the OCSP Responder when the cache first sends the request to it.