On February 23, 2004, VeriSign will update the OCSP service currently available at http://ocsp.verisign.com/ to allow for the support of extremely high transaction volumes. These changes are being implemented to ensure our OCSP services continue to scale and perform as new applications and platforms which support OCSP are introduced into the marketplace. Note that this change only effects VeriSign and Thawte retail products including SSL/TLS and code signing certificates. Enterprise OCSP services available at http://onsite-ocsp.verisign.com/ are not effected by this update.
The changes we are making to scale our OCSP responder service will result in the discontinuation of support for the nonce extension. With this new OCSP responder service, clients should not expect a nonce in the response to a request that contains a nonce. Details regarding responder behavior, how clients can ensure a response is fresh, additional security considerations and suggested caching behavior has been documented in an internet-draft co-authored by VeriSign and Microsoft available at http://www.ietf.org/internet-drafts/draft-deacon-lightweight-ocsp-profile-00 .txt VeriSign's tests have shown that most of the widely deployed OCSP clients and toolkits are not effected by this change. However, because our OCSP services may be used in other applications there is the possibility that some users may be impacted by this update. For more information see http://www.verisign.com/support/vendors/ocsp.html. Regards, Alex [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
