
RE: OCSP response pre-production





Well, it certainly wasn't in *my* mind at the time that nonces,
if used, would be ignored.  To my recollection, the discussions
between Carlisle and myself that led to their definition were
quite robust on the point.

Indeed, as the poll indicates, something close to 11 of 12
client-side implementors treat (or can treat) the practice as an
error.  So it's not like this is a great revelation to anybody.
Yes, extensions are optional.  But extensions may have
additional semantics associated with their use.  The fact that
the definition of the nonce extension does not is where we got
started with a view towards clarifying original intent.

Since nonces break caching, don't use nonces in a cached
environment.  Send a non-nonced response anyway due to
server-side lack of control on the client side?  Maybe.  If the
chairs and the AD are comfortable allowing the IETF to
standardize the practice, I'd be happy to oblige.

Mike