[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Criticality and SCVP Extensions

To: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: RE: Criticality and SCVP Extensions
From: "Ambarish Malpani" <ambarish@xxxxxxxxxxx>
Date: Mon, 4 Nov 2002 07:38:51 -0800
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


The intent in SCVP was the same as 3161bis.

I agree.

Ambarish

---------------------------------------------------------------------
Ambarish Malpani                                         650.759.9045
Malpani Consulting Services                      ambarish@xxxxxxxxxxx
http://www.malpani.biz



> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx
> [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On Behalf Of Housley, Russ
> Sent: Sunday, November 03, 2002 11:13 AM
> To: ietf-pkix@xxxxxxx
> Subject: Criticality and SCVP Extensions
>
>
>
> The open issues section in SCVP has highlighted extension criticality for
> many months.  Yet, it has not really been discussed.  Recently, Denis
> Pinkas raised this issue as part of a much longer posting.  I think it
> deserves a thread of its own.
>
> In SCVP, there are two extensions levels: reqExtension and
> queryExtensions.
> Extensions are there to allow for future unplanned standard extensions
> and/or for private extensions.
>
> Denis pointed out that a similar discussion was held in the
> context of RFC
> 3161, where the interpretation of the criticality bit was the following:
>
>     If an extension, whether it is marked critical or not critical, is
>     used by a requester but is not recognized by a time-stamping server,
>     the server SHALL not issue a token and SHALL return a failure
>
> In RFC 3161bis, this has been changed to:
>
>     A server that does not recognize a non-critical extension SHALL ignore
>     the extension and SHALL NOT return an error for this. A server that
>     recognizes an extension SHALL process the extension regardless of
>     the value of the criticality flag. A server MUST reject the
> request if it
>     encounters a critical extension it does not recognize and in that case
>     SHALL return a failure.
>
> This represents the current consensus for TSP. This is different from the
> treatment that is indicated in the SCVP draft:
>
>     In a request, if the critical item is TRUE, the server MUST NOT
>     process the request unless it understands the extension.
>
>     In a reply, if the critical item is TRUE, the client MUST NOT process
>     the response unless it understands the extension.
>
> It would be nice if all of the PKIX WG protocols had a common extension
> approach, but that is not absolutely mandatory.
>
> What should we do in SCVP?
>
> Russ
>

References:
- Criticality and SCVP Extensions
  - From: Housley, Russ

Prev by Date: Re: I-D ACTION:draft-ietf-pkix-logotypes-07.txt
Next by Date: Doubt about Revocation Message from CMP
Previous by thread: Re: Criticality and SCVP Extensions
Next by thread: I-D ACTION:draft-ietf-pkix-sim-00.txt
Index(es):
- Date
- Thread