Open
Bug 943651
Opened 11 years ago
Updated 6 months ago
Add support for the PreferredSignatureAlgorithms OCSP request extension
Categories
(NSS :: Libraries, enhancement, P5)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: briansmith, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
For compatibility reasons, we have to assume that the OCSP responder that we're sending an OCSP request to can only understand SHA-1 hashes in the OCSP request. RFC 6990 section 4.4.7 defines an OCSP request extension wherein the OCSP request can indicate that the client supports/prefers additional signature algorithms. As the RFC indicates, the OCSP responder can usually just assume that the client can verify signatures on OCSP responses that are of the same algorithm used to sign the certificate that the OCSP response is for, but this doesn't help the OCSP responder decide what signature algorithm to use for successful Unknown responses.
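What the requested extension looks like on the wire, as an added example that is not part of the bug report and is not NSS code: a standard-library DER encoder that builds the PreferredSignatureAlgorithms request extension (OID 1.3.6.1.5.5.7.48.1.8, value is a SEQUENCE OF { sigIdentifier, certIdentifier OPTIONAL }). The two algorithms and their ordering are assumptions chosen for illustration, and the function names are hypothetical.

```python
# Added example: hand-rolled DER, standard library only (not NSS code).
OCSP_PREF_SIG_ALGS = "1.3.6.1.5.5.7.48.1.8"  # id-pkix-ocsp-pref-sig-algs
ECDSA_WITH_SHA256 = "1.2.840.10045.4.3.2"    # ecdsa-with-SHA256
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"    # sha256WithRSAEncryption
NULL = b"\x05\x00"                           # DER NULL, used as RSA parameters

def tlv(tag, body):
    """DER tag-length-value with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def oid(dotted):
    """Encode a dotted OID: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # last byte has the high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def seq(*items):
    return tlv(0x30, b"".join(items))

def alg_id(dotted, params=b""):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm, parameters OPTIONAL }"""
    return seq(oid(dotted), params)

def pref_sig_algs_extension(preferences):
    """preferences: AlgorithmIdentifier DER blobs, most preferred first."""
    # Each entry carries only sigIdentifier; certIdentifier is omitted.
    value = seq(*(seq(sig) for sig in preferences))
    # Extension: extnID, critical omitted (DEFAULT FALSE), extnValue OCTET STRING
    return seq(oid(OCSP_PREF_SIG_ALGS), tlv(0x04, value))

def example_extension():
    """Constructed sample: prefer ECDSA/SHA-256, then RSA/SHA-256."""
    return pref_sig_algs_extension([
        alg_id(ECDSA_WITH_SHA256),        # parameters absent for ECDSA
        alg_id(SHA256_WITH_RSA, NULL),    # parameters NULL for RSA PKCS#1 v1.5
    ])
```

The resulting 48 bytes go into the `requestExtensions` field of the OCSP request's TBSRequest; the extension is left non-critical so that a responder that does not recognise it can ignore it.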
Updated • 11 years ago (Reporter)
Depends on: 663315
Summary: Add support for the PreferredSignatureAlgorithms OCSP request extension ( → Add support for the PreferredSignatureAlgorithms OCSP request extension
Updated • 10 years ago (Reporter)
Updated • 2 years ago
Severity: normal → S3
Updated • 6 months ago
Severity: S3 → S4
Priority: -- → P5