[cabfpub] Non url-encoded OCSP requests using the GET method

Mads Egil Henriksveen Mads.Henriksveen at buypass.no
Mon Mar 31 08:11:42 UTC 2014


We have during the last months received a lot of OCSP requests using the GET method where it is questionable whether they satisfy the requirements or not.

RFC 6960 states that:
   An OCSP request using the GET method is constructed as follows:

   GET {url}/{url-encoding of base-64 encoding of the DER encoding of
   the OCSPRequest}

The base-64 encoding may contain reserved characters like "/" and our interpretation is that such reserved characters should be percent-encoded (i.e. "%/") according to RFC 3986.

However, we receive a lot of OCPS requests where this encoding requirements are not satisfied, and we intend to start rejecting such requests.

Has anyone identified this as an issue and what should the recommended behavior be in this case?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140331/05bb6fc8/attachment-0002.html>

More information about the Public mailing list