On Thu, 10 Mar 2016 00:58:07 +0000 Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Andrew Ayer [a...@andrewayer.name] writes: > > >Are there clients that will choke if they receive a response without > >the expected nonce? > > See my previous message, since no public CAs honour nonces [0] I > don't think there'd be any problem. As I explained in my original post, I found 209 responders for public CAs that return nonces (and that's just among the responders which use SHA-1 signatures). Regards, Andrew _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy