RE: DISCUSS: MUST reject in OCSPv1




Can we break this discussion up into two parts (and maybe even
have a couple of straw polls)?

1. When a server sees a nonce in a request, should the spec
require a server to include the nonce in the response or
return an error (as recommended by Russ) or should the spec
recommend the server include the nonce (as requested by Ryan,
Alex and David and maybe Florian)?

2. Does there need to be a way for a server to indicate to a
client that it doesn't support nonces? If there does, I
assume everybody agrees that the way should be a secure
way.

Does this help clarify the issues?

Regards,
Ambarish

> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx 
> [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Michael Myers
> Sent: Friday, December 05, 2003 10:47 AM
> To: Ryan M. Hurst; ietf-pkix@xxxxxxx
> Subject: RE: DISCUSS: MUST reject in OCSPv1
> 
> 
> 
> 
> > From: Ryan M. Hurst
> > Sent: Friday, December 05, 2003 10:57 AM
> >
> > [rmh]As I said, I am willing to accept the
> > must reject if that means that others will
> > drop the idea of adding breaking changes to
> > the v1 protocol.
> 
> So now we've come full circle.  A plain MUST reject is where 
> we got started and which principle Russ affirmed in 
> Minneapolis. I'm curious what others think.
> 
> Mike
> 
>