RFC Errata
RFC 6960, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 2013
Note: This RFC has been updated by RFC 8954, RFC 9654
Source of RFC: pkix (sec)
Errata ID: 5929
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: Mohit Sahni
Date Reported: 2019-12-06
Rejected by: Benjamin Kaduk
Date Rejected: 2019-12-10
Section 4.4.1 says:
The nonce cryptographically binds a request and a response to prevent replay attacks. The nonce is included as one of the requestExtensions in requests, while in responses it would be included as one of the responseExtensions. In both the request and the response, the nonce will be identified by the object identifier id-pkix-ocsp-nonce, while the extnValue is the value of the nonce.

   id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
   id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }

   Nonce ::= OCTET STRING
Notes:
In section 4.1.1, the standard MUST define a maximum length for the Nonce, or the Nonce MUST be of a defined fixed length. Current implementations that follow this standard are vulnerable to denial-of-service attacks, since they will try to accept even large OCSP requests with very big nonce values and will eventually consume more memory.
--VERIFIER NOTES--
Rejected per submitter after discussion.
This is an enhancement request and will be discussed on the lamps@ietf.org mailing list.
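The following is an added example written for this page; it is not part of the errata record, of RFC 6960, or of any implementation discussed above. It builds the nonce extension from the ASN.1 quoted in Section 4.4.1, parses it on the responder side while checking the declared nonce length before the value is copied (the mitigation the report asks for), and performs the client-side request/response binding. The code assumes the extnValue carries the DER encoding of Nonce ::= OCTET STRING (an OCTET STRING inside the extnValue OCTET STRING) and uses a 32-octet cap, MAX_NONCE_LEN, as its own policy value: RFC 6960 itself sets no bound, which is the point of the report, and RFC 8954 (which updates this RFC) later introduced one. The DER helpers, function names and the constructed hostile inputs are this example's own.

```python
"""Added example: OCSP nonce extension (RFC 6960 s4.4.1) with a responder-side length cap.
Not part of the errata record or RFC 6960; standard library only."""
import secrets

# id-pkix-ocsp-nonce = { id-pkix-ocsp 2 } = 1.3.6.1.5.5.7.48.1.2, as DER OID content octets
ID_PKIX_OCSP_NONCE = bytes.fromhex("2b0601050507300102")

# RFC 6960 sets no bound on the nonce; this cap is the example's own policy value.
MAX_NONCE_LEN = 32


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def new_nonce(length: int = 16) -> bytes:
    """Fresh unpredictable nonce for a client request."""
    return secrets.token_bytes(length)


def encode_nonce_extension(nonce: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }.
    extnValue carries the DER encoding of Nonce ::= OCTET STRING, so the nonce is double-wrapped."""
    if not 1 <= len(nonce) <= MAX_NONCE_LEN:
        raise ValueError(f"nonce length {len(nonce)} outside 1..{MAX_NONCE_LEN}")
    return der_tlv(0x30, der_tlv(0x06, ID_PKIX_OCSP_NONCE) + der_tlv(0x04, der_tlv(0x04, nonce)))


def read_tlv(buf: bytes, pos: int, want_tag: int):
    """Parse one DER header at pos and return (body_start, body_end) without copying the body.
    The declared length is validated against the buffer before anything is allocated."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag or truncated header")
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F  # number of length octets; 4 covers any plausible OCSP message
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
        if length < 0x80 or (n > 1 and buf[pos + 2] == 0):
            raise ValueError("non-minimal DER length")
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError(f"declared length {length} exceeds remaining {len(buf) - start} bytes")
    return start, end


def decode_nonce_extension(ext: bytes, max_len: int = MAX_NONCE_LEN) -> bytes:
    """Responder-side parse. An over-long nonce is rejected from its declared length
    before the value is copied, which is the check the report asks the RFC to mandate."""
    s, e = read_tlv(ext, 0, 0x30)
    if e != len(ext):
        raise ValueError("trailing bytes after Extension")
    os_, oe = read_tlv(ext, s, 0x06)
    if ext[os_:oe] != ID_PKIX_OCSP_NONCE:
        raise ValueError("not id-pkix-ocsp-nonce")
    pos = oe
    if pos < e and ext[pos] == 0x01:  # optional critical BOOLEAN, skipped if present
        _, pos = read_tlv(ext, pos, 0x01)
    vs, ve = read_tlv(ext, pos, 0x04)
    if ve != e:
        raise ValueError("trailing bytes after extnValue")
    ns, ne = read_tlv(ext, vs, 0x04)
    if ne != ve:
        raise ValueError("trailing bytes inside extnValue")
    if not 1 <= ne - ns <= max_len:
        raise ValueError(f"nonce length {ne - ns} outside 1..{max_len}")
    return ext[ns:ne]


def responder_accepts(ext: bytes) -> bool:
    """True if a responder applying the cap would accept this nonce extension."""
    try:
        decode_nonce_extension(ext)
        return True
    except ValueError:
        return False


def nonce_binds(request_nonce: bytes, response_ext: bytes) -> bool:
    """Client-side check that the response echoes the nonce sent in the request."""
    return decode_nonce_extension(response_ext) == request_nonce
```

The cap on the nonce alone does not bound memory if the responder reads the whole OCSPRequest off the transport before parsing it; the byte count read from the socket has to be limited as well, since the request body as a whole is the surface the report describes. Keeping the length check on the declared DER length, before the value is sliced out, is what makes the check cheap regardless of how large the attacker claims the nonce is.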