RE: SUMMARY of nonces in OCSP
Michael,
can you please explain to me why we need 3 and 4? Both requirements seem
to be fulfilled rather fine in the current state of RFC 2560: the
responder simply sends back a response without nonce. What is the
problem with the current solution to this problem?
--
Florian Oelmaier
SyTrust
PS: While our software is not broken by the proposed language due to
good configurability, I cannot guarantee this for all installations.
> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx
> [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Michael Myers
> Sent: Wednesday, October 01, 2003 7:20 PM
> To: ietf-pkix@xxxxxxx
> Subject: SUMMARY of nonces in OCSP
>
>
>
> All,
>
> Towards consensus on a path forward, here's where we are with
> the poll and recent discussions:
>
> 1. Nonces break caching. No news there.
>
> 2. Of the eleven responding implementors to the poll
> regarding normative language in 2560 on the use of nonces,
> nine are not broken by the proposed language while two rely
> on caching.
>
> 3. We need to define an error value specific to a
> responder's inability to accept a nonce.
>
> 4. Closely related to #3, we need some means of signalling
> between a requestor and a responder in order for the
> requestor to determine if use of a nonce would be accepted.
>
> Anyone disagree?
>
> Below is the specific list of respondents to poll. Did I
> miss anybody?
>
>
> NOT BROKEN
> ----------
> Marius Marian, Politecnico di Torino
> Ryan Hurst, Microsoft
> Yasir Khan, Ascertia
> Miguel Rodriguez, SeguriDATA
> Peter Gutmann, (doing what Peter does)
> Eric Wertz, RSA
> Florian Oelmaier, SyTrust
> Terry Hayes, Netscape
> Stephen Henson, OpenSSL
>
>
> BROKEN DUE TO CACHING
> ---------------------
> Alex Deacon, VeriSign
> David Engberg, CoreStreet
>
>
> Mike
>
>
>
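
The behaviour discussed in this thread, where a responder answers a nonce-bearing request with a response that carries no nonce, leaves the freshness decision to the requestor. The sketch below is an added example, not part of the original messages or of any implementation named in the poll. The names `OcspResponseView`, `check_freshness` and `Verdict`, the `require_nonce` policy switch, and the `max_age` and `skew` defaults are assumptions, and the response fields are assumed to come from a response whose signature has already been verified.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

class Verdict(Enum):
    FRESH_BY_NONCE = "nonce echoed by responder"
    FRESH_BY_TIME = "no nonce; accepted on thisUpdate/nextUpdate"
    REJECT_NONCE_MISMATCH = "response nonce differs from request nonce"
    REJECT_NONCE_REQUIRED = "no nonce in response and policy requires one"
    REJECT_STALE = "outside thisUpdate/nextUpdate window"

@dataclass
class OcspResponseView:
    """Hypothetical view of fields taken from a signature-verified response."""
    nonce: Optional[bytes]            # None when the responder omitted the extension
    this_update: datetime
    next_update: Optional[datetime]   # None when the responder gives no nextUpdate

def check_freshness(sent_nonce: Optional[bytes], resp: OcspResponseView, now: datetime,
                    require_nonce: bool = False,
                    max_age: timedelta = timedelta(hours=24),   # assumed policy value
                    skew: timedelta = timedelta(minutes=5)) -> Verdict:
    matched = False
    if sent_nonce is not None and resp.nonce is not None:
        if not hmac.compare_digest(sent_nonce, resp.nonce):
            return Verdict.REJECT_NONCE_MISMATCH
        matched = True
    elif sent_nonce is not None and require_nonce:
        # Nonce sent, none returned (for example a cached, pre-produced response).
        return Verdict.REJECT_NONCE_REQUIRED
    # The time-window check applies to every response that is still a candidate.
    if resp.this_update > now + skew:
        return Verdict.REJECT_STALE
    if resp.next_update is not None:
        if now > resp.next_update + skew:
            return Verdict.REJECT_STALE
    elif now - resp.this_update > max_age:
        return Verdict.REJECT_STALE
    return Verdict.FRESH_BY_NONCE if matched else Verdict.FRESH_BY_TIME

# Constructed sample values, not taken from any real responder.
NOW = datetime(2003, 10, 2, 12, 0, tzinfo=timezone.utc)
NONCE = bytes(range(16))
CACHED = OcspResponseView(None, NOW - timedelta(hours=6), NOW + timedelta(hours=18))
LIVE = OcspResponseView(NONCE, NOW - timedelta(minutes=1), None)

if __name__ == "__main__":
    for resp in (LIVE, CACHED):
        print(check_freshness(NONCE, resp, NOW).value,
              "|", check_freshness(NONCE, resp, NOW, require_nonce=True).value)
```

With `require_nonce=False` the cached response is accepted on its validity window alone; with `require_nonce=True` the same response is rejected, which is the case where a requestor cannot tell in advance whether sending a nonce will be honoured.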