POLL: MUST reject in OCSPv1
All,
OK, so let's take a full-up poll on what we were looking at a
couple of weeks ago to see where we stand today. Please respond
with either YES or NO. Take discussions to the DISCUSS thread.
This approach preserves installed base functionality and yet
enables a clear and technically complete resolution of the
various perspectives.
To date, on the related DISCUSS thread, six have voiced
agreement to this path forward and two disagree. From that
record:
AGREE
-----
David Engberg, Corestreet
Florian Oelmaier, Sytrust
Ambarish Malpani, Cenzic
Marc Branchaud, RSA
Miguel Rodriguez, SeguriDATA
Frank Balluffi, Deutsche Bank
DISAGREE
--------
Ryan Hurst, Microsoft
Alex Deacon, VeriSign
PROPOSED
--------
The proposed resolution is as follows:
1. Cycle v1 as Proposed Standard. It was well on its way to Draft but we'll pull it back.
2. Define nonceUnsupported extension subject to the following semantics.
3. Clients that send a nonce:
   a. MUST reject a non-nonced response if that response includes either the value "good" or "revoked" AND it fails to include the nonceUnsupported extension;
   b. Else, if such response includes the nonceUnsupported extension, clients MAY accept the response subject to the advice in the Security Considerations section of this document.
4. Conversely, if a server receives a nonced request but is unable to incorporate the nonce in its response, the server MUST include the nonceUnsupported extension.
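The client rule in item 3 and the responder rule in item 4, written out as an added example that is not from this thread or from any OCSP implementation. The response fields are a constructed model rather than real DER, and the handling of a nonce mismatch and of "unknown" without the extension are assumptions noted in the comments.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Constructed model of the fields the proposal reasons about; not a real
# OCSP encoder.  Status values are those of OCSPv1's CertStatus CHOICE.
class CertStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"

@dataclass(frozen=True)
class OCSPResponse:
    status: CertStatus
    nonce: Optional[bytes]      # nonce echoed by the responder, or None if absent
    nonce_unsupported: bool     # proposed nonceUnsupported extension present?

class Verdict(Enum):
    ACCEPT = "accept"
    ACCEPT_WITH_CAVEAT = "accept subject to Security Considerations"  # item 3b
    REJECT = "reject"

def build_response(request_nonce: Optional[bytes], status: CertStatus,
                   can_echo_nonce: bool) -> OCSPResponse:
    """Responder side (item 4): echo the nonce if able, otherwise flag that
    nonces are unsupported so a compliant client can tell this from a replay."""
    if request_nonce is not None and can_echo_nonce:
        return OCSPResponse(status, request_nonce, nonce_unsupported=False)
    return OCSPResponse(status, None, nonce_unsupported=request_nonce is not None)

def evaluate_response(request_nonce: Optional[bytes], resp: OCSPResponse) -> Verdict:
    """Client side (item 3) for a client that sent request_nonce (None = no nonce sent)."""
    if request_nonce is None:
        return Verdict.ACCEPT                 # the rule is scoped to nonced requests
    if resp.nonce is not None:
        # Nonced response: it must echo our nonce exactly (assumption: a
        # mismatch is treated as a replayed or foreign response and rejected).
        return Verdict.ACCEPT if resp.nonce == request_nonce else Verdict.REJECT
    # Non-nonced response to a nonced request.
    if resp.status in (CertStatus.GOOD, CertStatus.REVOKED) and not resp.nonce_unsupported:
        return Verdict.REJECT                 # item 3a: MUST reject
    # Item 3b: extension present, so the client MAY accept with the caveat.
    # "unknown" without the extension is not covered by 3a; treating it the
    # same way is a policy assumption, since "unknown" asserts nothing.
    return Verdict.ACCEPT_WITH_CAVEAT
```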
We now have clearance to cycle v1 at Proposed so that's no
longer a predicate.
Thank you for your continued patience as we work towards
resolving this issue.
Mike