Re: [TLS] draft-ietf-tls-multiple-cert-status-extension-04

Sean Turner <turners@ieca.com> Fri, 29 March 2013 13:02 UTC

Message-ID: <51558B02.6070302@ieca.com>
Date: Fri, 29 Mar 2013 08:37:22 -0400
From: Sean Turner <turners@ieca.com>
To: "Yngve N. Pettersen" <yngve@spec-work.net>
References: <trinity-043a4732-141e-4d05-9c4b-6fd5f176d014-1364475063129@3capp-gmx-bs55> <op.wun04nh03dfyax@killashandra.invalid.invalid>
In-Reply-To: <op.wun04nh03dfyax@killashandra.invalid.invalid>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-multiple-cert-status-extension-04

On 3/28/13 12:51 PM, Yngve N. Pettersen wrote:
>
> Hello Hannes
>
> Thanks for the review.
>
> 1) Updating RFC 6066
>
> It might be that it can be said to update 6066, but I have leaned
> towards the view that it is not updating 6066, since, while most of the new
> structures are derived from the 6066 definitions, they are really only
> defined for the new extension.
>
> If RFC 6066 had only defined the OCSP stapling system, I would have been
> inclined to say my draft obsoleted it, but that is not workable since
> there are other extensions defined in it.
>
> It could be that the update of the CertificateStatus message counts as
> such an update, even if it is only defined for the new extension.
>
> Do the Chairs or AD have any opinions on this?
>
>
>> Would you expect that someone uses RFC 6066 or would they instead use
>> draft-ietf-tls-multiple-cert-status-extension-04
>> with respect to the OCSP procedure?
>
> In a transition phase I would expect clients to send both the 6066
> CertificateStatus request extension, and the new one defined by my
> draft. Long term I would expect a change to only using the new extension.

If this is a new standalone extension, then it doesn't update RFC 6066.
In the past "updates" has sometimes been used as a "see also" tag, but
that's now gently being stomped out.

> Servers supporting both should IMO return the new extension.

If you say this in the draft then I'd be leaning towards an update.
That is, if you're changing the behavior of an extension that's in 6066, it's
an update.

spt
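The transition behaviour discussed in this thread, as an added example that is not part of the original message or of either specification's own code: the client offers both the RFC 6066 status_request extension (type 5) and the new status_request_v2 extension (type 17, the number later assigned when the draft was published as RFC 6961), and a server that supports both answers with the new one. The wire formats follow the two specifications; the function and variable names, and the constructed ClientHello extension block, are this example's own.

```python
"""
Added example (not from the thread): a client offering both status_request
(RFC 6066, type 5) and status_request_v2 (type 17, later RFC 6961), and a
server that prefers the new extension when both are present.
"""
import struct

STATUS_REQUEST = 5      # RFC 6066 status_request
STATUS_REQUEST_V2 = 17  # status_request_v2 (draft-ietf-tls-multiple-cert-status-extension)
OCSP = 1                # CertificateStatusType ocsp
OCSP_MULTI = 2          # CertificateStatusType ocsp_multi (new in the draft)


def _vec16(items):
    """Encode byte strings as a <0..2^16-1> vector of opaque<1..2^16-1> elements."""
    body = b"".join(struct.pack("!H", len(i)) + i for i in items)
    return struct.pack("!H", len(body)) + body


def ocsp_status_request(responder_ids=(), request_extensions=b""):
    """OCSPStatusRequest (RFC 6066 section 8): responder_id_list + request_extensions."""
    return _vec16(responder_ids) + struct.pack("!H", len(request_extensions)) + request_extensions


def status_request_body(responder_ids=(), request_extensions=b""):
    """extension_data for RFC 6066 status_request: status_type(1) + OCSPStatusRequest."""
    return bytes([OCSP]) + ocsp_status_request(responder_ids, request_extensions)


def status_request_v2_body(status_types=(OCSP_MULTI, OCSP), responder_ids=(), request_extensions=b""):
    """extension_data for status_request_v2: CertificateStatusRequestListV2, i.e. a
    2-byte length followed by CertificateStatusRequestItemV2 entries
    (status_type, 2-byte request_length, OCSPStatusRequest)."""
    items = b""
    for st in status_types:
        req = ocsp_status_request(responder_ids, request_extensions)
        items += bytes([st]) + struct.pack("!H", len(req)) + req
    return struct.pack("!H", len(items)) + items


def encode_extensions(exts):
    """ClientHello extensions block: 2-byte total length, then (type, length, data) triples."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(blob):
    """Parse an extensions block into {type: extension_data}; rejects truncation and duplicates."""
    (total,) = struct.unpack_from("!H", blob, 0)
    if total != len(blob) - 2:
        raise ValueError("extensions length mismatch")
    off, out = 2, {}
    while off < len(blob):
        t, ln = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + ln > len(blob):
            raise ValueError("extension %d truncated" % t)
        if t in out:
            raise ValueError("duplicate extension %d" % t)
        out[t] = blob[off:off + ln]
        off += ln
    return out


def parse_status_request_v2(data):
    """Return the status_types a status_request_v2 body asks for, validating every length."""
    (ln,) = struct.unpack_from("!H", data, 0)
    if ln == 0 or ln != len(data) - 2:
        raise ValueError("bad CertificateStatusRequestListV2 length")
    off, types = 2, []
    while off < len(data):
        st, req_len = struct.unpack_from("!BH", data, off)
        off += 3
        if off + req_len > len(data):
            raise ValueError("CertificateStatusRequestItemV2 truncated")
        types.append(st)
        off += req_len
    return types


def server_choose_status_extension(client_exts):
    """Server policy from the thread: when both extensions are offered, answer the new one.
    Returns the extension type the server echoes in ServerHello (with empty extension_data),
    or None when the client did not ask for stapling at all."""
    if STATUS_REQUEST_V2 in client_exts:
        types = parse_status_request_v2(client_exts[STATUS_REQUEST_V2])
        if OCSP_MULTI in types or OCSP in types:
            return STATUS_REQUEST_V2
    if STATUS_REQUEST in client_exts and client_exts[STATUS_REQUEST][:1] == bytes([OCSP]):
        return STATUS_REQUEST
    return None


# Constructed transition-phase ClientHello extension block: both extensions offered.
TRANSITION_CLIENT_EXTS = encode_extensions([
    (STATUS_REQUEST, status_request_body()),
    (STATUS_REQUEST_V2, status_request_v2_body()),
])

if __name__ == "__main__":
    offered = parse_extensions(TRANSITION_CLIENT_EXTS)
    print("client offered extension types:", sorted(offered))
    print("server answers with extension type:", server_choose_status_extension(offered))
```

A server that only knows RFC 6066 ignores type 17 and sees a normal status_request, which is what makes sending both safe during the transition; the length checks in the two parsers matter because extension bodies arrive from the network before any authentication has happened.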