Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15

"Piyush Jain" <piyush@ditenity.com> Sat, 30 March 2013 00:55 UTC

From: Piyush Jain <piyush@ditenity.com>
To: 'Stefan Santesson' <stefan@aaa-sec.com>, "'Black, David'" <david.black@emc.com>, sts@aaa-sec.com, mmyers@fastq.com, ambarish@gmail.com, slava.galperin@gmail.com, cadams@eecs.uottawa.ca, gen-art@ietf.org
Date: Fri, 29 Mar 2013 17:55:24 -0700
Cc: pkix@ietf.org

Agreed.

The text, however, incorrectly states
'"revoked" status is still optional in this context in order to maintain
backwards compatibility with deployments of RFC 2560.'

Please note the subtle difference between being backward compatible with
deployments and being compliant with standards.

> -----Original Message-----
> From: Stefan Santesson [mailto:stefan@aaa-sec.com]
> Sent: Friday, March 29, 2013 5:21 PM
> To: Piyush Jain; 'Black, David'; sts@aaa-sec.com; mmyers@fastq.com;
> ambarish@gmail.com; slava.galperin@gmail.com; cadams@eecs.uottawa.ca;
> gen-art@ietf.org
> Cc: pkix@ietf.org
> Subject: Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
> 
> Legacy servers would not comply with RFC2560bis IF revoked response for
> non issued certs would be required.
> 
> /Stefan
> 
> On 3/29/13 10:06 PM, "Piyush Jain" <piyush@ditenity.com> wrote:
> 
> >Not sure if I understand.
> >Are you saying legacy servers won't work with 2560bis clients?
> >
> >> On 3/29/13 6:12 PM, "Piyush Jain" <piyush@ditenity.com> wrote:
> >>
> >> >It is your statement about backward compatibility to justify it that
> >> >is incorrect.
> >> >Backward compatibility "with deployments of RFC2560" is not affected
> >> >in either case. Legacy clients will continue to work whether you
> >> >make it required or optional.
> >>
> >> Legacy servers won't
> >>
> >> /Stefan
> >>
> >
> >
>