RE: SUMMARY of nonces in OCSP
In-line
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Michael Myers
Sent: Wednesday, October 01, 2003 10:20 AM
To: ietf-pkix@xxxxxxx
Subject: SUMMARY of nonces in OCSP
All,
Towards consensus on a path forward, here's where we are with the poll
and recent discussions:
1. Nonces break caching. No news there.
[rmh] Yup.
2. Of the eleven responding implementors to the poll regarding
normative language in 2560 on the use of nonces, nine are not broken by
the proposed language while two rely on caching.
[rmh] Yup.
3. We need to define an error value specific to a responder's inability
to accept a nonce.
[rmh] Not sure we need this; I am OK with internalError, notAuthorized
or a new error but preferably I as a client want a response because I
want to decide if I care; that's what our client will be doing.
4. Closely related to #3, we need some means of signalling between a
requestor and a responder in order for the requestor to determine if use
of a nonce would be accepted.
[rmh] I don't care about this; this assumes a server controls the
clients which doesn't seem to be realistic.
Anyone disagree?
Below is the specific list of respondents to the poll. Did I miss anybody?
NOT BROKEN
----------
Marius Marian, Politecnico di Torino
Ryan Hurst, Microsoft
Yasir Khan, Ascertia
Miguel Rodriguez, SeguriDATA
Peter Gutmann, (doing what Peter does)
Eric Wertz, RSA
Florian Oelmaier, SyTrust
Terry Hayes, Netscape
Stephen Henson, OpenSSL
BROKEN DUE TO CACHING
---------------------
Alex Deacon, VeriSign
David Engberg, CoreStreet
Mike
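
The client-side decision discussed under points 1 and 3, as an added example that is not part of the original thread or of any implementation named in it: a pre-produced (cached) response cannot echo a per-request nonce, so the client either insists on the nonce or falls back to thisUpdate/nextUpdate. The OcspReply model, the evaluate function and the require_nonce and max_age policy knobs are hypothetical, and the reply is assumed to be already parsed and signature-verified.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class OcspReply:                 # hypothetical view of a verified OCSP response
    status: str                  # "successful", "internalError", ...
    nonce: Optional[bytes]       # echoed nonce, None if the responder omitted it
    this_update: datetime
    next_update: Optional[datetime]

def evaluate(reply, sent_nonce, now, require_nonce=False,
             max_age=timedelta(hours=24)):
    """Return (accepted, reason) for a reply to a request that carried sent_nonce."""
    if reply.status != "successful":
        return False, "responder error: " + reply.status
    if reply.nonce is not None:
        # A nonce that is present must match the one sent, else treat as replay.
        if hmac.compare_digest(reply.nonce, sent_nonce):
            return True, "fresh: nonce echoed"
        return False, "nonce mismatch"
    # No nonce came back: typical of a cached response. The client decides.
    if require_nonce:
        return False, "nonce required by local policy"
    if reply.this_update > now:
        return False, "thisUpdate in the future"
    if reply.next_update is not None and now > reply.next_update:
        return False, "stale: past nextUpdate"
    if now - reply.this_update > max_age:
        return False, "stale: older than max_age"
    return True, "accepted on thisUpdate/nextUpdate"

def demo():
    # All values below are constructed sample data.
    now = datetime(2003, 10, 1, 12, 0, tzinfo=timezone.utc)
    nonce = bytes(range(16))
    live = OcspReply("successful", nonce, now, None)
    cached = OcspReply("successful", None, now - timedelta(hours=2),
                       now + timedelta(hours=22))
    old = OcspReply("successful", None, now - timedelta(days=3),
                    now - timedelta(days=2))
    replay = OcspReply("successful", bytes(16), now, None)
    return [evaluate(live, nonce, now), evaluate(cached, nonce, now),
            evaluate(cached, nonce, now, require_nonce=True),
            evaluate(old, nonce, now), evaluate(replay, nonce, now)]

if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```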