What about the Responder? How does the requestor know which hash functions and signature algorithms are supported by the OCSP Responder? Three options: Add optional query / response Requestor can ask, and then cache the answer OCSP Responder Certificate Similar to SMIMECapabilities extension Assume Requestor configuration Fine for some deployments, but not others |