The Online Certificate Status protocol (OCSP), RFC 2560 is a core PKIX query
response protocol for obtaining certificate status information. The OSCP
specification requires server responses to be signed but does not specify a
mechanism for selecting the signature algorithm to be used leading to possible
interoperability failures in contexts where multiple signature algorithms are in
use. This document specifies an algorithm for server signature algorithm
selection and an extension that allows a client to advise a server that specific
signature algorithms are supported.
Work Group Summary
The first draft was submitted about a year ago but did not gain momentum as the
author changed employment. A second author was assigned in July to speed up the
process. The WG discussions focused mainly on the algorithm selection algorithm,
mandatory to implement algorithms and how to specify algorithms. The discussions
were productive but non-controversial.
The document is brief and clearly written.
Steve Kent is the Document Shepherd. Tim Polk is the
Responsible Area Director.