Re: [Gen-art] Gen-art last call review of draft-ietf-tls-multiple-cert-status-extension-04
Elwyn Davies <elwynd@dial.pipex.com> Sat, 23 March 2013 15:57 UTC
Return-Path: <elwynd@dial.pipex.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0617321F8514 for <gen-art@ietfa.amsl.com>; Sat, 23 Mar 2013 08:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQukp0MbW3R2 for <gen-art@ietfa.amsl.com>; Sat, 23 Mar 2013 08:57:48 -0700 (PDT)
Received: from b.painless.aa.net.uk (b.painless.aa.net.uk [IPv6:2001:8b0:0:30::51bb:1e34]) by ietfa.amsl.com (Postfix) with ESMTP id BD50E21F84D9 for <gen-art@ietf.org>; Sat, 23 Mar 2013 08:57:47 -0700 (PDT)
Received: from mightyatom.folly.org.uk ([81.187.254.250]) by b.painless.aa.net.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <elwynd@dial.pipex.com>) id 1UJQpF-0000rJ-7o; Sat, 23 Mar 2013 15:57:46 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
To: "Yngve N. Pettersen" <yngve@spec-work.net>
In-Reply-To: <op.wuehnmp93dfyax@killashandra.invalid.invalid>
References: <514BA8CC.5000700@dial.pipex.com> <op.wuebbulj3dfyax@killashandra.invalid.invalid> <1364042911.23866.4628.camel@mightyatom> <op.wuehnmp93dfyax@killashandra.invalid.invalid>
Content-Type: text/plain
Date: Sat, 23 Mar 2013 15:54:26 +0000
Message-Id: <1364054066.23866.4665.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-tls-multiple-cert-status-extension.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-art last call review of draft-ietf-tls-multiple-cert-status-extension-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2013 15:57:49 -0000
On Sat, 2013-03-23 at 14:12 +0100, Yngve N. Pettersen wrote: > Hi, > > On Sat, 23 Mar 2013 13:48:30 +0100, Elwyn Davies <elwynd@dial.pipex.com> > wrote: > > >> > Nits/editorial comments: > > <<snip>> > >> > s2.2, para 4 on page 5: > >> >> In the case of the "id-pkix-ocsp-nonce" OCSP extension, [RFC2560 > >> >> <http://tools.ietf.org/html/rfc2560>] is > >> >> unclear about its encoding; for clarification,..... > >> > This probably needs to be flagged up in the IANA considerations so > >> that > >> > an additional reference is added to the registry. > >> > ALSO I subsequently noted that this same caveat is already in RFC > >> 6066. > >> > Consider referring to the caveat there rather than duplicating it. > >> > >> This language is, as you mention, a copy of the RFC 6066 note about this > >> problem. > >> > >> I think it is better to duplicate it, since it is so small. A longer and > >> more complex section would probably have been referenced, but adding > >> such > >> references for small informational text would IMO make the document less > >> readable. > > > > Fair enough - and I realize this isn't an IANA matter. However, if this > > is an issue for RFC 2560, shouldn't somebody file an erratum? I > > couldn't see anything about this in the current set of errata. > > It is actually corrected in RFC2560bis > <http://datatracker.ietf.org/doc/draft-ietf-pkix-rfc2560bis/> (sec. > 4.4.1), currently in PKIX WG Last Call. Ah.. That's fine... I don't follow pkix! > > At present my document is not linked to that document (since that would > create a dependency that could block publication), although that might > happen if they are actually published around the same time (as Sean is > thinking of). Even if it is linked, I think this information should be > left in the document, to be on the safe side. That's also fine. It doesn't need the hassle but obviously updating the ref later would help if it doesn't delay things > > As background, to my knowledge no mass market client actually send this > OCSP extension, particularly in the stapling request; I am also not aware > that any general OCSP responder support it, although I have heard mentions > that high security (military) responders do. (Opera did send it in the > early OCSP implementations when querying OCSP responders directly). Except > for special usage scenarios (like the military one) using this extension > and expecting it to be used in the response will lead to extra load on > both the server and the responder, as well as extra overhead, removing > much of the benefit of the stapling system. > Such is life! Thanks for the explanation. /Elwyn
- [Gen-art] Gen-art last call review of draft-ietf-… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen
- Re: [Gen-art] Gen-art last call review of draft-i… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen
- Re: [Gen-art] Gen-art last call review of draft-i… Elwyn Davies
- Re: [Gen-art] Gen-art last call review of draft-i… Yngve N. Pettersen