Re: [Gen-art] Gen-art last call review of draft-ietf-tls-multiple-cert-status-extension-04
"Yngve N. Pettersen" <yngve@spec-work.net> Sat, 23 March 2013 13:12 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03B6121F89C7 for <gen-art@ietfa.amsl.com>; Sat, 23 Mar 2013 06:12:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJKy5IGqXmL3 for <gen-art@ietfa.amsl.com>; Sat, 23 Mar 2013 06:12:54 -0700 (PDT)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [194.63.252.54]) by ietfa.amsl.com (Postfix) with ESMTP id 4549721F89AA for <gen-art@ietf.org>; Sat, 23 Mar 2013 06:12:54 -0700 (PDT)
Received: from 239.171.251.212.customer.cdi.no ([212.251.171.239]:62302 helo=killashandra.invalid.invalid) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <yngve@spec-work.net>) id 1UJOFg-0004DQ-Nr; Sat, 23 Mar 2013 14:12:52 +0100
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Elwyn Davies <elwynd@dial.pipex.com>
References: <514BA8CC.5000700@dial.pipex.com> <op.wuebbulj3dfyax@killashandra.invalid.invalid> <1364042911.23866.4628.camel@mightyatom>
Date: Sat, 23 Mar 2013 14:12:48 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettersen" <yngve@spec-work.net>
Message-ID: <op.wuehnmp93dfyax@killashandra.invalid.invalid>
In-Reply-To: <1364042911.23866.4628.camel@mightyatom>
User-Agent: Opera Mail/12.14 (Win32)
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-tls-multiple-cert-status-extension.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-art last call review of draft-ietf-tls-multiple-cert-status-extension-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2013 13:12:55 -0000
Hi, On Sat, 23 Mar 2013 13:48:30 +0100, Elwyn Davies <elwynd@dial.pipex.com> wrote: >> > Nits/editorial comments: > <<snip>> >> > s2.2, para 4 on page 5: >> >> In the case of the "id-pkix-ocsp-nonce" OCSP extension, [RFC2560 >> >> <http://tools.ietf.org/html/rfc2560>] is >> >> unclear about its encoding; for clarification,..... >> > This probably needs to be flagged up in the IANA considerations so >> that >> > an additional reference is added to the registry. >> > ALSO I subsequently noted that this same caveat is already in RFC >> 6066. >> > Consider referring to the caveat there rather than duplicating it. >> >> This language is, as you mention, a copy of the RFC 6066 note about this >> problem. >> >> I think it is better to duplicate it, since it is so small. A longer and >> more complex section would probably have been referenced, but adding >> such >> references for small informational text would IMO make the document less >> readable. > > Fair enough - and I realize this isn't an IANA matter. However, if this > is an issue for RFC 2560, shouldn't somebody file an erratum? I > couldn't see anything about this in the current set of errata. It is actually corrected in RFC2560bis <http://datatracker.ietf.org/doc/draft-ietf-pkix-rfc2560bis/> (sec. 4.4.1), currently in PKIX WG Last Call. At present my document is not linked to that document (since that would create a dependency that could block publication), although that might happen if they are actually published around the same time (as Sean is thinking of). Even if it is linked, I think this information should be left in the document, to be on the safe side. As background, to my knowledge no mass market client actually send this OCSP extension, particularly in the stapling request; I am also not aware that any general OCSP responder support it, although I have heard mentions that high security (military) responders do. (Opera did send it in the early OCSP implementations when querying OCSP responders directly). Except for special usage scenarios (like the military one) using this extension and expecting it to be used in the response will lead to extra load on both the server and the responder, as well as extra overhead, removing much of the benefit of the stapling system. -- Sincerely, Yngve N. Pettersen Using Opera's mail client: http://www.opera.com/mail/
- [Gen-art] Gen-art last call review of draft-ietf-… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen
- Re: [Gen-art] Gen-art last call review of draft-i… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen
- Re: [Gen-art] Gen-art last call review of draft-i… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen