5.1.3 Security Consideration Citations
Implementers of this protocol are advised to consider the following security precautions; OCSP client and server implementations should observe the following:
Follow generally accepted principles of secure key management. For more information, see section 9 of [RFC3280]. For an introduction to these generally accepted principles, see [CRYPTO] and [HOWARD].
Validate cryptographic parameters prior to issuing or accepting certificates. For more information, see section 9 of [RFC2797].
Validate and verify the certificate path information identified in section 6 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for certificate path validation.
Validate and verify the freshness of revocation information of all digital certificates prior to usage, trust, or encryption as identified in section 6.3 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for revocation freshness.
Follow all security considerations in section 5 of [RFC2560].
Follow all security considerations discussed throughout [RFC2315] and [RFC2986] as neither normative reference has a specific security section.
Use an authenticated HTTP session between client and server to mitigate denial-of-service attacks. For more information on generic denial-of-service mitigation techniques, see [HOWARD].
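The freshness requirement above (section 6.3 of [RFC3280]) and the replay considerations in section 5 of [RFC2560] come down to a handful of checks on the BasicOCSPResponse time fields and the nonce extension. The following is an added example written for this page, not code from the specification or from any Microsoft or IETF implementation: it models the producedAt, thisUpdate, nextUpdate and nonce fields as plain Python values (no ASN.1 parsing) and applies a client-side acceptance policy. The 5-minute clock-skew tolerance and the 7-day maximum age for responses that omit nextUpdate are assumed local policy values, not figures from the text.

```python
"""Freshness and replay checks for an OCSP response (added example).

Field names mirror the RFC 2560 BasicOCSPResponse structure (producedAt,
thisUpdate, nextUpdate, id-pkix-ocsp-nonce); skew and max-age values below
are assumed local policy, not values taken from the specification.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass
class SingleResponse:
    """Status for one CertID inside a BasicOCSPResponse (RFC 2560 4.2.1)."""
    cert_status: str                        # "good", "revoked" or "unknown"
    this_update: datetime                   # time the status was known correct
    next_update: Optional[datetime] = None  # absent: no newer information promised


@dataclass
class BasicOCSPResponse:
    produced_at: datetime                   # when the responder signed the response
    responses: List[SingleResponse] = field(default_factory=list)
    nonce: Optional[bytes] = None           # value of the nonce extension, if present


def check_freshness(resp: BasicOCSPResponse, now: datetime,
                    expected_nonce: Optional[bytes] = None,
                    max_skew: timedelta = timedelta(minutes=5),   # assumed policy
                    max_age: timedelta = timedelta(days=7),       # assumed policy
                    ) -> Tuple[bool, str]:
    """Return (accepted, reason); rejects replayed, future-dated or stale responses."""
    if expected_nonce is not None and resp.nonce != expected_nonce:
        # RFC 2560 section 5: without a matching nonce an older "good"
        # response could be replayed to mask a later revocation.
        return False, "nonce missing or mismatched (possible replay)"
    if resp.produced_at > now + max_skew:
        return False, "producedAt is in the future"
    if not resp.responses:
        return False, "response carries no certificate status"
    for single in resp.responses:
        if single.this_update > now + max_skew:
            return False, "thisUpdate is in the future"
        if single.next_update is not None:
            if single.next_update < single.this_update:
                return False, "nextUpdate precedes thisUpdate"
            if now > single.next_update + max_skew:
                return False, "response expired (past nextUpdate)"
        elif now - single.this_update > max_age:
            # No nextUpdate: the responder promises nothing, so the client's
            # own maximum age bounds how long the status is trusted.
            return False, "no nextUpdate and thisUpdate older than local max age"
    return True, "fresh"


# Constructed sample data for a stand-alone run; not real OCSP traffic.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
NONCE = bytes.fromhex("0102030405060708")


def sample_results() -> dict:
    """Run the check over constructed responses covering the main outcomes."""
    hour, day = timedelta(hours=1), timedelta(days=1)
    fresh = BasicOCSPResponse(NOW - hour, [SingleResponse("good", NOW - hour, NOW + day)], NONCE)
    expired = BasicOCSPResponse(NOW - 3 * day, [SingleResponse("good", NOW - 3 * day, NOW - 2 * day)], NONCE)
    no_next = BasicOCSPResponse(NOW - 10 * day, [SingleResponse("good", NOW - 10 * day)], NONCE)
    # nextUpdate two minutes in the past is still inside the skew window.
    skewed = BasicOCSPResponse(NOW - hour, [SingleResponse("good", NOW - hour, NOW - timedelta(minutes=2))], NONCE)
    return {
        "fresh": check_freshness(fresh, NOW, expected_nonce=NONCE),
        "replayed": check_freshness(fresh, NOW, expected_nonce=bytes(8)),
        "expired": check_freshness(expired, NOW, expected_nonce=NONCE),
        "stale_no_next_update": check_freshness(no_next, NOW, expected_nonce=NONCE),
        "within_skew": check_freshness(skewed, NOW, expected_nonce=NONCE),
    }


if __name__ == "__main__":
    for name, (ok, why) in sample_results().items():
        print(f"{name:22s} accepted={ok!s:5s} {why}")
```

A client that sent a nonce should pass it as expected_nonce; a client that did not (or that uses cached or stapled responses, where the responder cannot echo a nonce) relies on the nextUpdate window and its own max_age policy instead, which is exactly why section 5 of [RFC2560] treats nonce-less responses as replayable within that window.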