cfssl icon indicating copy to clipboard operation
cfssl copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Understanding OSCP nonce support

Open gdhgdhgdh opened this issue 7 years ago • 2 comments

When reading about OCSP in general I see that each request / response pair supports the use of a nonce to help guard against replay attacks.

Hence I was surprised to read at https://github.com/cloudflare/cfssl/blob/master/ocsp/responder.go#L227 that We don't intend to support nonces - would you mind describing why this is the case?

gdhgdhgdh avatar Mar 20 '17 09:03 gdhgdhgdh