draft-brockhaus-lamps-lightweight-cmp-profile-03

Internet-Draft           Lightweight CMP Profile            January 2020


   the EE can continue the original message sequence as described in the
   respective section of this document, e.g., send a certConf message.

   Typically, intermediate PKI entities SHOULD NOT change the sender and
   recipient nonce even in case an intermediate (L)RA modifies a request
   or a response message.  In the special case of polling between EE and
   LRA with offline transport between an LRA and RA, see Section 6.1.4,
   an exception occurs.  The EE and LRA exchange pollReq and pollRep
   messages handle the nonce words as described.  When, after pollRep,
   the final response from the CA arrives at the LRA, the next response
   will contain the recipientNonce set to the value of the senderNonce
   in the original request message (copied by the CA).  The LRA needs to
   replace the recipientNonce in this case with the senderNonce of the
   last pollReq because the EE will validate it in this way.





































Brockhaus, et al.         Expires July 30, 2020                [Page 41]