Corey Bonnell writes:

>RFC 5019 leverages GET requests to improve cacheability [1]. Given the
>performance benefits of implementing RFC 5019, this is likely why the BRs
>mandate that CAs must support HTTP GET for their responders.

Ah, right, and since 5019 removes the replay-protection nonces it would make the whole thing cacheable while non-5019 OCSP with nonces wouldn't be. The reason I brought it up is that SCEP has run into problems with GET, see the note at https://datatracker.ietf.org/doc/html/rfc8894.html#section-4.1, which are typically very hard to diagnose because of the conditions under which they occur.

Peter.
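
The cacheability point in this exchange, as an added example that is not part of the original thread: it builds an OCSP request with a hand-rolled DER encoder, forms the GET URL, and compares the URLs with and without a nonce. The hashes, serial number and responder host are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import os
from urllib.parse import quote

SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")   # AlgorithmIdentifier: SHA-1, NULL params
NONCE_OID = bytes.fromhex("06092b0601050507300102")  # id-pkix-ocsp-nonce

def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder (short and long length forms)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def ocsp_request(name_hash: bytes, key_hash: bytes, serial: int, nonce: bytes = None) -> bytes:
    """DER OCSPRequest for one certificate; the nonce extension is optional."""
    serial_der = der(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    cert_id = der(0x30, SHA1_ALG + der(0x04, name_hash) + der(0x04, key_hash) + serial_der)
    body = der(0x30, der(0x30, cert_id))        # requestList holding a single Request
    if nonce is not None:
        ext = der(0x30, NONCE_OID + der(0x04, der(0x04, nonce)))
        body += der(0xA2, der(0x30, ext))       # requestExtensions [2] EXPLICIT
    return der(0x30, der(0x30, body))           # OCSPRequest { TBSRequest { ... } }

def ocsp_get_url(responder: str, request_der: bytes) -> str:
    """GET form: responder URL + '/' + url-encoded base64 of the DER request."""
    b64 = base64.b64encode(request_der).decode("ascii")
    return responder.rstrip("/") + "/" + quote(b64, safe="")

def fits_get(url: str) -> bool:
    """RFC 5019 has clients use GET only when the whole URL is at most 255 bytes."""
    return len(url.encode("ascii")) <= 255

# Constructed sample values, not taken from any real certificate or responder.
NAME_HASH = hashlib.sha1(b"constructed issuer name").digest()
KEY_HASH = hashlib.sha1(b"constructed issuer key").digest()
SERIAL = 0x0123456789ABCDEF0123456789ABCDEF
RESPONDER = "http://ocsp.example.test"

def cache_keys():
    """Two lookups of the same certificate, without and with a random nonce."""
    plain = [ocsp_get_url(RESPONDER, ocsp_request(NAME_HASH, KEY_HASH, SERIAL)) for _ in range(2)]
    nonced = [ocsp_get_url(RESPONDER, ocsp_request(NAME_HASH, KEY_HASH, SERIAL, os.urandom(16)))
              for _ in range(2)]
    return plain, nonced

if __name__ == "__main__":
    plain, nonced = cache_keys()
    print("no nonce, same URL:", plain[0] == plain[1], "| fits GET:", fits_get(plain[0]))
    print("nonce, same URL:   ", nonced[0] == nonced[1])
```

Without the nonce the URL is a stable cache key for a given certificate; with it every request is a cache miss. The percent-encoding step matters because base64 output can contain `+`, `/` and `=`.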
