[cabfpub] Non url-encoded OCSP requests using the GET method

Geoff Keating geoffk at apple.com
Mon Mar 31 18:17:21 UTC 2014

On 31 Mar 2014, at 1:11 am, Mads Egil Henriksveen <Mads.Henriksveen at buypass.no> wrote:

> The base-64 encoding may contain reserved characters like “/” and our interpretation is that such reserved characters should be percent-encoded (i.e. “%/”) according to RFC 3986.
> However, we receive a lot of OCPS requests where this encoding requirements are not satisfied, and we intend to start rejecting such requests.

I'd strongly recommend that OCSP responders not reject requests simply because they are slightly nonconformant.  The practical impact of doing so is reduced security, reduced performance, and increased traffic.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140331/6dadb9fc/attachment-0001.p7s>

More information about the Public mailing list