RE: OCSP response pre-production
If we don't define a nonce-specific error, it's predictable that
client developers will choose one of the existing 5 unsigned
error values in order to pop up a dialog that says, essentially,
"You used a nonce and received an error. If you want to try
again not using nonces, click here."

It doesn't matter much which error; any one will do in order to
discover if nonce use is the problem. In fact, if nothing
changed, I'm wondering what the server side *would* send back?
I've recently seen suggestions on this list for
malformedRequest, internalError and unauthorized.

Not defining a nonce-specific error value escapes nothing.
Clients can today enable relying parties to achieve their
intended goals via error-triggered nonce capability discovery.
Mike
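
The error-triggered discovery described in this message, as an added example that is not part of the original post or of any real client: it reads `responseStatus` from a DER-encoded OCSPResponse and, when a nonce was sent, maps any of the five error values to a retry-without-nonce prompt. Function names, return strings and the sample bytes in the comments are constructed for illustration.

```python
# Added illustration; names are hypothetical, status numbers follow the OCSP ASN.1.
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def response_status(der):
    """Return (status_name, has_response_bytes) for an OCSPResponse."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, val, nxt = _read_tlv(body, 0)    # responseStatus ENUMERATED
    if tag != 0x0A or len(val) != 1 or val[0] not in OCSP_STATUS:
        raise ValueError("bad responseStatus")
    return OCSP_STATUS[val[0]], nxt < len(body)

def client_action(der, sent_nonce):
    """Decide what the client does next with this response."""
    status, has_body = response_status(der)
    if status == "successful":
        if not has_body:
            raise ValueError("successful status without responseBytes")
        return "validate-signed-response"
    # Error responses are unsigned and none is nonce-specific, so after a
    # nonce request any of the five can only be treated as a possible hint.
    if sent_nonce:
        return "offer-retry-without-nonce"
    return "report-error:" + status

# Constructed sample: 30 03 0A 01 06 is an 'unauthorized' error response.
# client_action(bytes.fromhex("30030a0106"), sent_nonce=True)
```

Because the status octet that triggers the prompt is not covered by any signature, a client built this way would do well to log each fallback it offers.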