  1. EJBCA
  2. ECA-3133

Support RFC6960 extension for client requested algorithm selection

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.1.0
    • Component/s: None
    • Labels:
      None

      Description

      RFC6960 has a new client extension for requesting algorithm selection.

      o Section 4.4.7 specifies a new extension that may be included in a
      request message to specify signature algorithms the client would
      prefer the server use to sign the response as specified in

      We should improve the OCSP responder's algorithm selection algorithm. There are available signature algorithms, and if the client requests a specific signature algorithm, and it is consistent with the signature keys, it should be used.
      If the client-requested signature algorithm is not among available algorithms (currently configured in ocsp.properties), or consistent with the signature key (i.e. RSA algorithm for ECC keys), the default selected (same criteria as today) should be used.
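
The selection rule described above, as an added Java example (not EJBCA's own code). It assumes the default is the first configured algorithm that fits the signing key and that the key type is given as "RSA" or "EC"; the class, method names and the configured list are hypothetical.

```java
import java.util.*;

public class PreferredSigAlgSelector {
    // Signature algorithm OIDs a client may list in the extension, mapped to JCA-style names.
    static final Map<String, String> OID_TO_NAME = Map.of(
        "1.2.840.113549.1.1.5",  "SHA1WithRSA",
        "1.2.840.113549.1.1.11", "SHA256WithRSA",
        "1.2.840.113549.1.1.12", "SHA384WithRSA",
        "1.2.840.10045.4.3.2",   "SHA256WithECDSA",
        "1.2.840.10045.4.3.3",   "SHA384WithECDSA");

    // Key family a signature algorithm needs: "EC" for ECDSA names, otherwise "RSA".
    static String keyFamily(String sigAlg) {
        return sigAlg.toUpperCase(Locale.ROOT).endsWith("ECDSA") ? "EC" : "RSA";
    }

    // Assumed default: the first configured algorithm that fits the signing key.
    static String defaultAlg(List<String> configured, String keyAlg) {
        for (String alg : configured)
            if (keyFamily(alg).equals(keyAlg)) return alg;
        throw new IllegalStateException("no configured algorithm fits a " + keyAlg + " key");
    }

    // Honour the client's list in its own order, but only within what the responder
    // has configured and can use with its key; anything else gets the default.
    static String select(List<String> clientOids, List<String> configured, String keyAlg) {
        for (String oid : clientOids) {
            String name = OID_TO_NAME.get(oid);
            if (name == null) continue; // unknown OIDs are skipped, not trusted
            for (String alg : configured)
                if (alg.equalsIgnoreCase(name) && keyFamily(alg).equals(keyAlg)) return alg;
        }
        return defaultAlg(configured, keyAlg);
    }

    public static void main(String[] args) {
        // Constructed responder configuration and constructed client preference lists.
        List<String> configured = List.of("SHA256WithRSA", "SHA384WithRSA", "SHA256WithECDSA");
        // Requested algorithm is configured and fits the RSA key: honoured.
        System.out.println(select(List.of("1.2.840.113549.1.1.12"), configured, "RSA"));
        // SHA-1 is not configured: the client cannot downgrade the responder.
        System.out.println(select(List.of("1.2.840.113549.1.1.5"), configured, "RSA"));
        // ECDSA requested but the signing key is RSA: default is used.
        System.out.println(select(List.of("1.2.840.10045.4.3.2"), configured, "RSA"));
        // First preference is not configured, second one is and fits the EC key.
        System.out.println(select(List.of("1.2.840.10045.4.3.3", "1.2.840.10045.4.3.2"), configured, "EC"));
    }
}
```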

              People

              • Assignee:
                aveen Aveen Ismail
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Mike Kushner