Re: [TLS] draft-ietf-tls-multiple-cert-status-extension-04
"Yngve N. Pettersen" <yngve@spec-work.net> Fri, 29 March 2013 15:09 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 824A021F9445 for <tls@ietfa.amsl.com>; Fri, 29 Mar 2013 08:09:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a+I4NxPic9Ap for <tls@ietfa.amsl.com>; Fri, 29 Mar 2013 08:09:58 -0700 (PDT)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [194.63.252.54]) by ietfa.amsl.com (Postfix) with ESMTP id B055A21F8F25 for <tls@ietf.org>; Fri, 29 Mar 2013 08:09:57 -0700 (PDT)
Received: from 239.171.251.212.customer.cdi.no ([212.251.171.239]:58066 helo=killashandra.invalid.invalid) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <yngve@spec-work.net>) id 1ULawF-000068-Fe; Fri, 29 Mar 2013 16:09:55 +0100
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Sean Turner <turners@ieca.com>
References: <trinity-043a4732-141e-4d05-9c4b-6fd5f176d014-1364475063129@3capp-gmx-bs55> <op.wun04nh03dfyax@killashandra.invalid.invalid> <51558B02.6070302@ieca.com>
Date: Fri, 29 Mar 2013 16:09:45 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettersen" <yngve@spec-work.net>
Message-ID: <op.wupq2jp43dfyax@killashandra.invalid.invalid>
In-Reply-To: <51558B02.6070302@ieca.com>
User-Agent: Opera Mail/12.14 (Win32)
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-multiple-cert-status-extension-04
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2013 15:09:59 -0000
On Fri, 29 Mar 2013 13:37:22 +0100, Sean Turner <turners@ieca.com> wrote: > On 3/28/13 12:51 PM, Yngve N. Pettersen wrote: >> >> Hello Hannes >> >> Thanks for the review. >> >> 1) Updating RFC 6066 >> >> It might be that it can be said to update 6066, but I have leaned >> towards that it is not updating 6066, since, while most of the new >> structures are derived from the 6066 definitions, they are really only >> defined for the new extension. >> >> If RFC 6066 had only defined the OCSP stapling system, I would have been >> inclined to say my draft obsoleted it, but that is not workable since >> there are other extensions defined in it. >> >> It could be that the update of the CertificateStatus message count as >> such an update, even if it is only defined for the new extension. >> >> Do the Chairs or AD have any opinions on this? >> >> >>> Would you expect that someone uses RFC 6066 or would they instead use >>> draft-ietf-tls-multiple-cert-status-extension-04 >>> with respect to the OCSP procedure? >> >> In a transition phase I would expect clients to send both the 6066 >> CertificateStatus request extension, and the new one defined by my >> draft. Long term I would expect a change to only using the new >> extension. > > If this is a new standalone extension, then it doesn't update RFC 6066. > In the past "updates" has sometimes been used as a "see also" tag, but > that's now gently being stomped out. OK >> Servers supporting both should IMO return the new extension. > > If you say this in the draft then I'd be leaning towards an update. That > is if you changing behavior about an extension that's in 6066 it's an > update. I am not planning such language. I'll leave it up to implementors to make such decisions, but I also hope they will see the benefit of using the newer extension when it is presented. -- Sincerely, Yngve N. Pettersen Using Opera's mail client: http://www.opera.com/mail/
- [TLS] draft-ietf-tls-multiple-cert-status-extensi… Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-multiple-cert-status-ext… Yngve N. Pettersen
- Re: [TLS] draft-ietf-tls-multiple-cert-status-ext… Sean Turner
- Re: [TLS] draft-ietf-tls-multiple-cert-status-ext… Yngve N. Pettersen