[gnutls-devel] Support for OCSP Must-staple ?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue May 31 14:42:14 CEST 2016
On Tue, May 31, 2016 at 10:42 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> Just found one: suche.org
>
> Unknown extension 1.3.6.1.5.5.7.1.24 (not critical):
> ASCII: 0....
> Hexdump: 3003020105

Thank you. It seems it is correctly listed from certtool in master:

    TLS Features (not critical):
        Status Request(5)

However, I realized that this PKIX extension is quite undefined. There
is no well-defined behavior for "status_request_v2" and that issue
will show up once (and if) the multiple OCSP responses get deployed.
I've sent a mail to the author of RFC 7633 and saag [0], but it is
unknown whether anything productive will come out of it. Most likely
this TlsFeature extension will be used with a single value (5) to
indicate either the OCSP status request or the multi one.
regards,
Nikos
[0]. https://mailarchive.ietf.org/arch/msg/saag/52aBuwqIP30dIcIVCkDw6v59YN0
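
The following is an added example, not part of the original message and not GnuTLS code: a minimal decoder for the TLS Feature extension value (OID 1.3.6.1.5.5.7.1.24), showing why the quoted hexdump `3003020105` is printed as "Status Request(5)". The function names are hypothetical; the feature numbers 5 and 17 are the TLS extension types for status_request and status_request_v2.

```python
# Added example: decode the DER value of the TLS Feature certificate
# extension (RFC 7633), which is a SEQUENCE OF INTEGER.

# TLS extension type numbers that matter for OCSP stapling.
TLS_FEATURE_NAMES = {5: "status_request", 17: "status_request_v2"}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_tls_features(der):
    """Return the list of TLS extension numbers in a TLS Feature value."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    features, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02 or not val or val[0] & 0x80:
            raise ValueError("expected a non-negative INTEGER")
        features.append(int.from_bytes(val, "big"))
    return features


def describe(der):
    """Human-readable form, similar in spirit to the certtool listing."""
    return ["%s(%d)" % (TLS_FEATURE_NAMES.get(f, "unknown"), f)
            for f in parse_tls_features(der)]


def must_staple(der):
    """True if status_request (5) is listed. How to treat 17 is left to
    the caller, since the thread notes its behavior is not well defined."""
    return 5 in parse_tls_features(der)


if __name__ == "__main__":
    sample = bytes.fromhex("3003020105")  # hexdump quoted in the thread
    print(describe(sample), must_staple(sample))
```
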