Technical Summary
RFC 8954 imposed the size constraints on the optional Nonce extension
for the Online Certificate Status Protocol (OCSP). OCSP is used for
checking the status of a certificate, and the Nonce extension is used
to cryptographically bind an OCSP response message to a particular
OCSP request message.
Some environments use cryptographic algorithms that generate a Nonce
value that is longer than 32 octets. This document updates the
maximum allowed length of Nonce to 128 octets. This document also
modifies Nonce section to clearly define the encoding format and
values distinctively for an easier implementation and understanding.
This document obsoletes RFC 8954 and provides updated ASN.1 modules
for OCSP, updates RFC 6960.
Working Group Summary
There is consensus for this document in the LAMPS WG. There was nothing of significance to note.
Document Quality
OCSP has wide support.
Personnel
The Document Shepherd for this document is Russ Housley.
The Responsible Area Director is Roman Danyliw.