OCSP server response expires before OCSP reply - RFC 5019 section-6.2 breakage


The OCSP server response expires before the OCSP certified reply expires:

server response headers
Date: Tuesday, 19 April 2016 08:41 GMT
Last Modified: Saturday, 16 April 2016 08:00 UTC
Expires: Tuesday, 19 April 2016 20:41 GMT
Cache Control Max-age: 12h0m0s
Server Software: nginx
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-62-98-156.deploy.akamaitechnologies.com (AkamaiGHost/7.4.4-17006907) (-)

OCSP response information
Source: Authority Information Access in Certificate
Location: http://ocsp.int-x3.letsencrypt.org/ (POST)
Size: 532 bytes (DER data)
Response time: 224.635177ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Reported statuses: 1
This update: Saturday, 16 April 2016 08:00 UTC
Next update: Saturday, 23 April 2016 08:00 UTC
Produced at: Saturday, 16 April 2016 08:02 UTC
Status: Good


Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
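
The comparison behind that last line can be reproduced with a short check. This is an added example, not part of the original post or of the tool that produced the report. The function name and finding codes are hypothetical, and the header strings are rebuilt from the report values, with seconds assumed to be :00 and Cache-Control assumed to be `max-age=43200` (12h).

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
import re


def check_ocsp_cache_headers(headers, this_update, next_update):
    """Compare HTTP caching headers with an OCSP response's validity window.

    Returns a list of (code, detail) tuples; an empty list means consistent.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # RFC 5019 section 6.2: Expires carries the same time as nextUpdate.
    if "expires" in h:
        expires = parsedate_to_datetime(h["expires"])
        if expires != next_update:
            findings.append(("expires-ne-nextupdate", next_update - expires))
    else:
        findings.append(("expires-missing", None))

    # RFC 5019 section 6.2: Last-Modified carries the same time as thisUpdate.
    if "last-modified" in h:
        modified = parsedate_to_datetime(h["last-modified"])
        if modified != this_update:
            findings.append(("last-modified-ne-thisupdate", this_update - modified))

    # A cache must not keep the response past nextUpdate (Date + max-age).
    m = re.search(r"max-age=(\d+)", h.get("cache-control", ""))
    if m and "date" in h:
        cached_until = parsedate_to_datetime(h["date"]) + timedelta(seconds=int(m.group(1)))
        if cached_until > next_update:
            findings.append(("max-age-outlives-nextupdate", cached_until - next_update))
    return findings


# Constructed from the report above; seconds and header syntax are assumptions.
SAMPLE_HEADERS = {
    "Date": "Tue, 19 Apr 2016 08:41:00 GMT",
    "Last-Modified": "Sat, 16 Apr 2016 08:00:00 GMT",
    "Expires": "Tue, 19 Apr 2016 20:41:00 GMT",
    "Cache-Control": "max-age=43200",
}
THIS_UPDATE = datetime(2016, 4, 16, 8, 0, tzinfo=timezone.utc)
NEXT_UPDATE = datetime(2016, 4, 23, 8, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for code, detail in check_ocsp_cache_headers(SAMPLE_HEADERS, THIS_UPDATE, NEXT_UPDATE):
        print(code, detail)
```

With the report's values, only the Expires check fires: the header expires 3 days 11:19 before NextUpdate, while Last-Modified matches ThisUpdate and the 12h max-age stays inside the validity window.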

