Re: [TLS] cached-info and multiple-ocsp

Rob Stradling <rob.stradling@comodo.com> Tue, 26 March 2013 21:40 UTC

Message-ID: <515215BF.2060303@comodo.com>
Date: Tue, 26 Mar 2013 21:40:15 +0000
From: Rob Stradling <rob.stradling@comodo.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <4EF84292.50201@gmx.net> <4F2FC5AA.5070600@comodo.com> <7E329BCB-EFA1-423B-8F20-F6EA382D2901@gmx.net> <5147113D.2070304@comodo.com>, <A95B4818FD85874D8F16607F1AC7C628AA5F9D@xmb-rcd-x09.cisco.com> <trinity-4c224f45-96e6-4101-ba39-e131c7756d04-1364307402054@3capp-gmx-bs15>
In-Reply-To: <trinity-4c224f45-96e6-4101-ba39-e131c7756d04-1364307402054@3capp-gmx-bs15>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] cached-info and multiple-ocsp

On 26/03/13 14:16, Hannes Tschofenig wrote:
> Hi Rob,

Hi Hannes.

<snip>
> Regarding RFC 6066: It includes a number of features but I guess you are
> interested in allowing the server to omit sending the OCSP response to
> the client.

Yes.

> Regarding multiple-ocsp: I guess you refer to
> http://tools.ietf.org/html/draft-ietf-tls-multiple-cert-status-extension-04
> rather than
> http://tools.ietf.org/html/draft-pettersen-tls-ext-multiple-ocsp-03.

Yes.

> In draft-ietf-tls-multiple-cert-status-extension-04 I guess you are
> interested in omitting the multiple OCSP responses (which is an
> extension to RFC 6066).

Yes.

> Just want to confirm that I am looking at the right documents/functionality.
> To ask you further questions have a look at RFC 6066. The OCSP response
> is defined as follows:
>
>        struct {
>            CertificateStatusType status_type;
>            select (status_type) {
>                case ocsp: OCSPResponse;
>            } response;
>        } CertificateStatus;
>
>        opaque OCSPResponse<1..2^24-1>;
>
> Would you expect that the entire "CertificateStatus" message is omitted,
> which RFC 6066 seems to allow?

Yes.

> Ciao
> Hannes
> *Sent:* Monday, 18 March 2013 at 16:18
> *From:* "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
> *To:* "Rob Stradling" <rob.stradling@comodo.com>
> *Cc:* "<tls@ietf.org>" <tls@ietf.org>
> *Subject:* Re: [TLS] cached-info and multiple-ocsp
> Hi Rob,
>
> We still plan on moving this draft forward. A revision is in the works.
> Please work with the authors to define some candidate text for multi-OCSP.
>
> Thanks,
>
> Joe
> On Mar 18, 2013, at 6:06 AM, Rob Stradling <rob.stradling@comodo.com> wrote:
>
>  > Hannes, Stefan,
>  >
>  > I see that draft-ietf-tls-cached-info-13 expired a couple of days ago.
>  >
>  > Does this WG still intend to progress cached-info to RFC status?
>  >
>  > On 13/07/12 10:40, Hannes Tschofenig wrote:
>  > <snip>
>  >>> Or, is it your explicit intention to restrict cached-info so that
>  >>> it only supports the "standard" TLS handshake objects (e.g. Certificate,
>  >>> Trusted CAs list).
>  >>> (I can see that such a restriction could help to ensure that
>  >>> client-side code can be implemented entirely within the network layer
>  >>> rather than bleeding into the application layer).
>  >>
>  >> There is no intention to restrict the functionality to certain
>  >> extensions.
>  >>
>  >> I do, however, believe that new documents should add a description
>  >> to their document of how this document could be used in combination
>  >> with the TLS cached information extension.
>  >>
>  >> I don't think it makes sense to add text about, for example,
>  >> draft-pettersen-tls-ext-multiple-ocsp when that work is still in progress.
>  >
>  > Since multiple-ocsp is currently in IESG call, it seems likely that
>  > multiple-ocsp will reach RFC status before cached-info.
>  >
>  > Therefore, please could text be added to cached-info to specify its
>  > use with both of the CertificateStatus extensions (RFC6066 and
>  > multiple-ocsp) ?
>  >
>  > --
>  > Rob Stradling
>  > Senior Research & Development Scientist
>  > COMODO - Creating Trust Online
>  >
>  > _______________________________________________
>  > TLS mailing list
>  > TLS@ietf.org
>  > https://www.ietf.org/mailman/listinfo/tls

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

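Added example for readers of this thread (it is not code from the message, from either draft, or from any TLS implementation): it encodes and parses the CertificateStatus handshake message quoted above from RFC 6066 section 8, the ocsp_multi form from draft-ietf-tls-multiple-cert-status-extension (later published as RFC 6961, where each list element may be zero-length to mean "no response for this certificate"), and then models the decision Rob is asking cached-info to specify, namely the server omitting the entire CertificateStatus message when the client has signalled that it already holds a byte-identical copy. The hashing rule (SHA-256 over the whole handshake message) and the function names are assumptions of this example; which bytes cached-info would hash for a status object is exactly the text the thread asks the draft to add. The OCSPResponse byte strings are constructed placeholders, not real DER.

```python
import hashlib
from typing import List, Optional, Tuple

HS_CERTIFICATE_STATUS = 22   # HandshakeType certificate_status(22), RFC 6066 s.8
STATUS_TYPE_OCSP = 1         # CertificateStatusType ocsp(1), RFC 6066
STATUS_TYPE_OCSP_MULTI = 2   # ocsp_multi(2), multiple-cert-status draft / RFC 6961
MAX24 = 2 ** 24 - 1

# Constructed placeholders standing in for DER-encoded OCSPResponse values.
LEAF_RESPONSE = b"leaf-ocsp-response"
INTERMEDIATE_RESPONSE = b"intermediate-ocsp-response"


def _u24(n: int) -> bytes:
    """3-byte big-endian length prefix used by the <..2^24-1> vectors."""
    return n.to_bytes(3, "big")


def encode_certificate_status(status_type: int, responses: List[bytes]) -> bytes:
    """Build a complete CertificateStatus handshake message (4-byte header + body)."""
    if status_type == STATUS_TYPE_OCSP:
        # RFC 6066: the body is a single opaque OCSPResponse<1..2^24-1>.
        if len(responses) != 1 or not 1 <= len(responses[0]) <= MAX24:
            raise ValueError("ocsp status carries exactly one non-empty OCSPResponse")
        vec = responses[0]
    elif status_type == STATUS_TYPE_OCSP_MULTI:
        # RFC 6961: OCSPResponseList<1..2^24-1> of opaque OCSPResponse<0..2^24-1>;
        # an empty element means "no response available for this certificate".
        if any(len(r) > MAX24 for r in responses):
            raise ValueError("OCSPResponse exceeds 2^24-1 bytes")
        vec = b"".join(_u24(len(r)) + r for r in responses)
        if not 1 <= len(vec) <= MAX24:
            raise ValueError("OCSPResponseList must be non-empty and fit in 24 bits")
    else:
        raise ValueError("unknown CertificateStatusType %d" % status_type)
    body = bytes([status_type]) + _u24(len(vec)) + vec
    return bytes([HS_CERTIFICATE_STATUS]) + _u24(len(body)) + body


def parse_certificate_status(msg: bytes) -> Tuple[int, List[bytes]]:
    """Parse a CertificateStatus handshake message; every length must match exactly."""
    if len(msg) < 4 or msg[0] != HS_CERTIFICATE_STATUS:
        raise ValueError("not a certificate_status handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:]
    if len(body) != body_len or body_len < 4:
        raise ValueError("handshake length does not match message")
    status_type = body[0]
    vec_len = int.from_bytes(body[1:4], "big")
    vec = body[4:]
    if len(vec) != vec_len or vec_len == 0:
        raise ValueError("status vector length does not match body")
    if status_type == STATUS_TYPE_OCSP:
        return status_type, [vec]
    if status_type == STATUS_TYPE_OCSP_MULTI:
        responses, pos = [], 0
        while pos < len(vec):
            if pos + 3 > len(vec):
                raise ValueError("truncated OCSPResponse length")
            n = int.from_bytes(vec[pos:pos + 3], "big")
            pos += 3
            if pos + n > len(vec):
                raise ValueError("OCSPResponse overruns the list")
            responses.append(vec[pos:pos + n])
            pos += n
        return status_type, responses
    raise ValueError("unknown CertificateStatusType %d" % status_type)


def status_cache_hash(msg: bytes) -> bytes:
    """Hash a client would present for a cached CertificateStatus.

    ASSUMPTION of this example: SHA-256 over the full handshake message.
    cached-info (as discussed in the thread) does not yet define this.
    """
    return hashlib.sha256(msg).digest()


def select_status_message(current_msg: bytes, client_hashes: List[bytes]) -> Optional[bytes]:
    """Server side: the CertificateStatus to send, or None to omit it entirely.

    The comparison is against the message the server would send *now*, so a
    match means the client's copy is byte-identical to the current response;
    a client holding an older (refreshed-since) response gets the new one.
    """
    return None if status_cache_hash(current_msg) in client_hashes else current_msg


if __name__ == "__main__":
    single = encode_certificate_status(STATUS_TYPE_OCSP, [LEAF_RESPONSE])
    multi = encode_certificate_status(
        STATUS_TYPE_OCSP_MULTI, [LEAF_RESPONSE, b"", INTERMEDIATE_RESPONSE])
    print(parse_certificate_status(single))
    print(parse_certificate_status(multi))
    print(select_status_message(single, [status_cache_hash(single)]))
```

The freshness point is the one to keep in mind when reading Rob's "Yes": omitting the message is only safe because the server compares the client's hash against the response it would otherwise send right now. If the server's own copy is stale, omission changes nothing; if the server has fetched a newer response, the hashes differ and the full message goes on the wire.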