OCSP - Adding Agility

- Both the request and the response include extensions
- Client can list the signature algorithms it accepts in a request extension
- Server can return the algorithms it accepts in an error response
- First round trip effectively reduces to negotiation; the second round trip uses the negotiated algorithm suite
- But requests and error messages would need to be signed! OCSP error responses carry no signature
- Negotiating algorithm suites with unsigned messages is vulnerable to downgrade attacks: an attacker on the path can strip the strong algorithms from the advertised list and force the weakest one both sides support
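The negotiation and the downgrade described on this slide, as an added example that is not part of the original slides: OCSP messages are reduced to dictionaries, the responder's signature is modelled with an HMAC under a key the client is assumed to hold (a stand-in for the responder's asymmetric signature; the assumption is marked in the code), and the algorithm names and strength ranking are constructed for the example. It runs the first round trip four times: unsigned and signed, each with and without an attacker rewriting the error response.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Relative strength ranking the client uses to pick the strongest common
# algorithm. Constructed for the example; a real client would take this from policy.
STRENGTH = {
    "sha1WithRSAEncryption": 1,
    "sha256WithRSAEncryption": 2,
    "ecdsa-with-SHA384": 3,
}

# Assumption: a key shared by responder and client stands in for the responder's
# signing key / the client's verification key. Real OCSP uses an asymmetric
# signature over the response; the HMAC gives the same property needed here
# (tampering is detectable) without a third-party crypto dependency.
RESPONDER_KEY = b"responder-key-for-the-example-only"

# Constructed inputs: the client's preference list (strongest first) and the
# algorithms the responder supports.
PREFS = ["ecdsa-with-SHA384", "sha256WithRSAEncryption", "sha1WithRSAEncryption"]
SUPPORTED = {"sha256WithRSAEncryption", "sha1WithRSAEncryption"}


def canonical(msg: dict) -> bytes:
    """Deterministic encoding so both sides sign/verify the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: dict) -> str:
    return hmac.new(RESPONDER_KEY, canonical(msg), hashlib.sha256).hexdigest()


def verify(msg: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(msg), sig)


def client_request(preferred: list[str]) -> dict:
    """Round trip 1, client side: request extension advertising accepted algorithms."""
    return {"type": "request", "preferredAlgs": list(preferred)}


def responder_error(request: dict, supported: set[str], signed: bool) -> tuple[dict, str | None]:
    """Round trip 1, responder side: error response listing the algorithms it accepts.

    signed=False models today's OCSP, where an error response carries no
    signature; signed=True models the signed error message the slide calls for.
    """
    accepted = [a for a in request["preferredAlgs"] if a in supported]
    msg = {"type": "error", "acceptedAlgs": accepted}
    return msg, (sign(msg) if signed else None)


def mitm_downgrade(msg: dict) -> dict:
    """Attacker on the path rewrites the error so only the weakest algorithm is offered."""
    if not msg["acceptedAlgs"]:
        return msg
    weakest = min(msg["acceptedAlgs"], key=STRENGTH.__getitem__)
    return {**msg, "acceptedAlgs": [weakest]}


def client_choose(msg: dict, sig: str | None, preferred: list[str]) -> str | None:
    """Round trip 2, client side: pick the strongest algorithm both sides accept.

    Returns None when a signed message fails verification (negotiation aborted)
    or when there is no common algorithm.
    """
    if sig is not None and not verify(msg, sig):
        return None
    common = [a for a in preferred if a in msg["acceptedAlgs"]]
    return max(common, key=STRENGTH.__getitem__) if common else None


def negotiate(preferred: list[str], supported: set[str], signed: bool, attacker: bool) -> str | None:
    """Run the first round trip end to end and return the algorithm the client settles on."""
    req = client_request(preferred)
    err, sig = responder_error(req, supported, signed)
    if attacker:
        err = mitm_downgrade(err)  # the unsigned message is silently altered in transit
    return client_choose(err, sig, preferred)


if __name__ == "__main__":
    for signed in (False, True):
        for attacker in (False, True):
            print(f"signed={signed!s:5} attacker={attacker!s:5} ->",
                  negotiate(PREFS, SUPPORTED, signed, attacker))
```

With unsigned error messages the attacker forces `sha1WithRSAEncryption` even though both parties support SHA-256; with signed messages the tampered response fails verification and the client aborts instead of accepting the downgrade. The same rewrite could be applied to the request's preference list if requests are unsigned, which is why the slide asks for both directions to be signed.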