IETF Logo Mail Archive

Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15

"Piyush Jain" <piyush@ditenity.com> Sun, 31 March 2013 00:53 UTC

Return-Path: <piyush@ditenity.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5A2321F8749 for <pkix@ietfa.amsl.com>; Sat, 30 Mar 2013 17:53:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.976
X-Spam-Level:
X-Spam-Status: No, score=-0.976 tagged_above=-999 required=5 tests=[AWL=-1.572, BAYES_00=-2.599, DOS_OUTLOOK_TO_MX=1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_EQ_LT4=0.442, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24zdqwtE1-2v for <pkix@ietfa.amsl.com>; Sat, 30 Mar 2013 17:53:30 -0700 (PDT)
Received: from mail-qc0-x231.google.com (mail-qc0-x231.google.com [IPv6:2607:f8b0:400d:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 379FF21F8726 for <pkix@ietf.org>; Sat, 30 Mar 2013 17:53:29 -0700 (PDT)
Received: by mail-qc0-f177.google.com with SMTP id u28so643089qcs.22 for <pkix@ietf.org>; Sat, 30 Mar 2013 17:53:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-type:content-transfer-encoding :x-mailer:thread-index:content-language:x-gm-message-state; bh=TXtTjwDHOZFr+pgv0Xz5diIkh1iJ5owAk3sjEjEuFTY=; b=ISrGGWlAeQ17g5O4ldr6JkKzzNkHXjitNOuxEv9r5UINd/kQpLIsw3IYVHUgsiE9zg 81stmpN/XOviGpl/T3SfjbedLAwiTfKZwiVAgY+Oc8lnIoLI9ebaP1m2jWkobPWY7IXJ zihVQBGdt3doROEieYU3VjpbLjvfKJFLORWgMJpl/85s1OR9loYasqGjb2A0T6IpiAIN PsaREeJaVnYZgUnAe9ead9r4peo5znmLZV4YAsWXSKgrFBGOOUPp0rKAqbtqdb1Bc2wv 8Pc9UNxnO/qiwJWKHPFadA3hu8w+ntC/rZsqK3/GNc9sN3GNPDt0W+tywTt4jPrBDU5v aXOQ==
X-Received: by 10.224.149.193 with SMTP id u1mr8530365qav.97.1364691209386; Sat, 30 Mar 2013 17:53:29 -0700 (PDT)
Received: from hp13 (75-25-128-241.lightspeed.sjcpca.sbcglobal.net. [75.25.128.241]) by mx.google.com with ESMTPS id ku2sm13735600qeb.4.2013.03.30.17.53.27 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 30 Mar 2013 17:53:28 -0700 (PDT)
From: Piyush Jain <piyush@ditenity.com>
To: 'Stefan Santesson' <stefan@aaa-sec.com>, "'Black, David'" <david.black@emc.com>, sts@aaa-sec.com, mmyers@fastq.com, ambarish@gmail.com, slava.galperin@gmail.com, cadams@eecs.uottawa.ca
References: <023401ce2ce1$44448cd0$cccda670$@ditenity.com> <CD7D3A0F.5F1AA%stefan@aaa-sec.com>
In-Reply-To: <CD7D3A0F.5F1AA%stefan@aaa-sec.com>
Date: Sat, 30 Mar 2013 17:53:25 -0700
Message-ID: <033001ce2daa$2826e150$7874a3f0$@ditenity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
thread-index: AQH+nYEO0mMdaySTI1Wq5Cz3Zlq4EZheELgg
Content-Language: en-us
X-Gm-Message-State: ALoCoQnRiNps2HnEJgLq2Hl2kRklcpte62CMr3lKZ9C8yjKhnEULDJR5vJxFBv5ZNNz8aONnJC86
Cc: pkix@ietf.org
Subject: Re: [pkix] Gen-ART review of draft-ietf-pkix-rfc2560bis-15
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2013 00:53:30 -0000

> This is what backward compatibility of a standard is.
> A standard is backwards compatible if any valid implementation of the old
> standard is also a valid implementation of the revised standard.

And I always thought that compatibility applies to implementations.

Anyway, I'm pasting David's interpretation of the text that he sent in one
of the messages in this thread. I would appreciate it if you can share you
thoughts on this interpretation.
If this is how most people see it, they would conclude that both clients and
server would need to be updated together if servers start returning revoked
for non-issued. I know that this is not what you trying to convey.
 

Pasted from David's message
~~~~~~~~~~~~~~~~~~~~~~
"The usual backwards compatibility concern is mixed new/legacy deployments.
In this case, the specifics appear to be:
New clients with legacy servers cannot expect to see "revoked" in this case.
This matters because a hypothetical client coded to depend on a "revoked"
response in this case won't work correctly with legacy servers (even though
it'd be rather questionable to code that dependency into a new client -
never underestimate the creativity and cleverness of implementers).
New servers with legacy clients risk breaking clients that can't cope with
"revoked" in this case, as you noted:"
End
~~~

v2.23.0 | Report a Bug | By Email