
SUMMARY of nonces in OCSP



All,

Towards consensus on a path forward, here's where we are with
the poll and recent discussions:

1.  Nonces break caching.  No news there.

2.  Of the eleven responding implementors to the poll regarding
normative language in 2560 on the use of nonces, nine are not
broken by the proposed language while two rely on caching.

3.  We need to define an error value specific to a responder's
inability to accept a nonce.

4.  Closely related to #3, we need some means of signalling
between a requestor and a responder in order for the requestor
to determine if use of a nonce would be accepted.

Anyone disagree?

Below is the specific list of respondents to the poll.  Did I miss
anybody?


NOT BROKEN
----------
Marius Marian, Politecnico di Torino
Ryan Hurst, Microsoft
Yasir Khan, Ascertia
Miguel Rodriguez, SeguriDATA
Peter Gutmann, (doing what Peter does)
Eric Wertz, RSA
Florian Oelmaier, SyTrust
Terry Hayes, Netscape
Stephen Henson, OpenSSL


BROKEN DUE TO CACHING
---------------------
Alex Deacon, VeriSign
David Engberg, CoreStreet


Mike