
Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt




Is this ID intended to be an update of RFC 2560?  If so, then it should
indicate as much on the 1st page's header.

Shouldn't this be standards track and not informational track
(http://www.ietf.org/proceedings/73/minutes/pkix.htm)?

Sec 3: In the para after the ASN.1 snippet, I think we should add "The
object identifiers (OIDs) are listed in order of their preference" or
something similar.

Sec 4.1 bullet #5 makes me ask: if the required algorithms in this
version of OCSP (RFC 2560) are DSA/RSA (must/should) with SHA-1 (must),
then are responses signed with RSA and SHA-256 considered non-compliant
with RFC 2560? Also, the requirements in Sec 4.3 of RFC 2560 are for the
client, with the exception of SHA-1, so it seems like there might be a
disconnect because there is no explicit "server must use X algorithm".

spt