Hi Peter! Thank you for your feedback. I'd love to get away from GET requests, but as long as they are specified, we need to support them according to the RFCs. And I've been in discussions with the vendor of one OCSP responder, which has a problem with exactly this '+'-sign and the vendor insists on being compliant with the RFCs as he believes there must be no '+'-sign in the request.
[email protected] schrieb am Montag, 3. Januar 2022 um 16:34:23 UTC+1: > Rufus Buschart <[email protected]> writes: > > >With this section applied to the OCSP GET request context > > ^^^ > Ah, I see yer problem right there... > > (Just use POST and the problem goes away, yet another reason why GET is the > wrong thing to do for PKI applications). > > Peter. > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b8fbef00-f263-46f0-911b-baf762fe80adn%40mozilla.org.
