'Corey Bonnell' via [email protected] writes: >Section 4.9.10 of the BRs [1] specifies that “OCSP responders operated by the >CA SHALL support the HTTP GET method
Regardless of the URL-encoding issues, isn't this wrong in any case since GET is idempotent but OCSP isn't? So the solution isn't to try and patch up the use of the wrong HTTP mechanism but to require the use of non-idempotent POST to match the non-idempotent OCSP, and then the URL-encoding issue resolves itself. Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SY4PR01MB625181E9F6A7D472CF3390ECEEB29%40SY4PR01MB6251.ausprd01.prod.outlook.com.
