RFC 2560: OCSP Signature and hash algorithms specified by OID, so could use any well-defined algs Client Support for DSA required, RSA recommended OCSP responders MUST support SHA-1 Error messages do not address algorithm suite And error messages are not signed… |