Proposed Way Forward (1 of 2) Define a non-critical requestExtension that indicates the hash functions and signature algorithms that are acceptable Define a version 2 of the OCSP Basic Response that includes something like: ResponderKeyHash ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, responderKeyHash OCTET STRING } |