Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15

Stefan Santesson <stefan@aaa-sec.com> Fri, 29 March 2013 16:37 UTC

User-Agent: Microsoft-MacOutlook/14.3.2.130206
Date: Fri, 29 Mar 2013 17:37:10 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Piyush Jain <piyush@ditenity.com>, "'Black, David'" <david.black@emc.com>, sts@aaa-sec.com, mmyers@fastq.com, ambarish@gmail.com, slava.galperin@gmail.com, cadams@eecs.uottawa.ca, gen-art@ietf.org
Message-ID: <CD7B80C0.5F100%stefan@aaa-sec.com>
Thread-Topic: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
In-Reply-To: <00fc01ce2c98$ddc41770$994c4650$@ditenity.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: pkix@ietf.org, ietf@ietf.org
Subject: Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
Precedence: list

On 3/29/13 5:17 PM, "Piyush Jain" <piyush@ditenity.com> wrote:

>' "revoked" status is still optional in this context in order to maintain
>backwards compatibility with deployments of RFC 2560.'
>
>I fail to understand this statement about backward compatibility.
>How does "revoked" being "optional/required breaks backward compatibility?
>The only reason cited in the WG discussions to use revoked for
>"not-issued"
>was that any other approach would break backward compatibility with legacy
>clients. And now the draft says that revoked is optional because making it
>required won't be backward compatible.

Yes. Making it required would prohibit other valid ways to respond to this
situation that is allowed by RFC 2560 and RFC 5019.
Such as responding "good" or responding with "unauthorized" error.

>
>And it gives the impression that best course of action for 2560bis
>responders is to start issuing revoked for "not-issued", which is far from
>the originally stated goal to provide a way for CAs to be able to return
>revoked for such serial numbers.

The latter is what optional means.

/Stefan

[pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
[pkix] Gen-ART review of draft-ietf-pkix-rfc2560b… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
[pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Andris Berzins
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Piyush Jain
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Stefan Santesson
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Martin Rex
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Sean Turner
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Martin Rex
Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15 Peter Rybar
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Sean Turner
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Black, David
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Piyush Jain
Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2… Stefan Santesson