[cabfpub] Non url-encoded OCSP requests using the GET method
geoffk at apple.com
Mon Mar 31 11:17:21 MST 2014
On 31 Mar 2014, at 1:11 am, Mads Egil Henriksveen <Mads.Henriksveen at buypass.no> wrote:
> The base-64 encoding may contain reserved characters like “/” and our interpretation is that such reserved characters should be percent-encoded (i.e. “%/”) according to RFC 3986.
> However, we receive a lot of OCPS requests where this encoding requirements are not satisfied, and we intend to start rejecting such requests.
I'd strongly recommend that OCSP responders not reject requests simply because they are slightly nonconformant. The practical impact of doing so is reduced security, reduced performance, and increased traffic.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4103 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20140331/6dadb9fc/attachment.bin
More information about the Public