[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

POST vs GET

To: scep@xxxxxxxx
Subject: POST vs GET
From: AndyTiedye <nourse@xxxxxxxxxxxxxxxxx>
Date: Wed, 25 Feb 2004 20:21:45 -0800
List-archive: <http://www.vpnc.org/scep/mail-archive/>
List-id: <scep.vpnc.org>
List-unsubscribe: <mailto:scep-request@vpnc.org?body=unsubscribe>
Sender: owner-scep@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3

Peter Gutmann <> wrote on Friday, February 20, 2004 5:45 PM:


http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ should do it, it's
open-source and does both client and server.
(There is one deviation from the SCEP spec, it uses a standard HTTP
engine  that can't do the (nonstandard) non-idempotent PUT required
by SCEP, so  you'll have to use HTTP POST rather than PUT to submit
requests.


That would prevent it from working with any existing client or CA server.
It is actually a GET, not a PUT.   What standard does it violate besides the
obvious esthetic ones?

I've grumbled about this before, this really should be fixed in the spec

We are working on a new rev to the SCEP specification, so this might be a good time to talk about it.

We can't make the big ugly GETs go away, because that is what all of the installed base uses, and what all of the current CAs expect.

If we change the spec to allow POST, how would a client tell if it is talking to a CA that supports it?

Should there be a GET that gets the SCEP version number and/or capabilities?

since it breaks HTTP proxies and caches).

Proxies and caches should be able to handle the fact that web pages don't stay the same forever.

Andy Nourse
Cisco

Prev by Date: Re: Testing of SCEP client
Previous by thread: Testing of SCEP client
Index(es):
- Date
- Thread