[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OCSP in TLS handshake

To: "'Marc Branchaud'" <marcnarc@xxxxxxxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: OCSP in TLS handshake
From: "Deacon, Alex" <alex@xxxxxxxxxxxx>
Date: Tue, 9 Dec 2003 09:21:37 -0800
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

nonceUnsupported does not preclude the use of OCSP responses in the TLS
handshake.  My concern was ensuring what ever new text is added to v1
does not preclude this use case.  In particular a client that receives
an ocsp response that includes a nonce in a handshake must not reject
the response because it contains a nonce it didn't generate.  

Alex

> -----Original Message-----
> From: Marc Branchaud [mailto:marcnarc@xxxxxxxxxxxxxxx] 
> Sent: Monday, December 08, 2003 3:59 PM
> To: ietf-pkix@xxxxxxx
> Subject: Re: OCSP in TLS handshake
> 
> 
> Marc Branchaud wrote:
> > 
> > I'm not trying to be obtuse here (it actually takes very little 
> > effort),
> > but I really need a patient explanation of why nonceUnsupported 
> > precludes the use of OCSP responses in the TLS handshake.
> 
> OK, I'd settle for an impatient explanation...
> 
> 		M.
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Follow-Ups:
- Re: OCSP in TLS handshake
  - From: Marc Branchaud

Prev by Date: RE: DISCUSS: MUST reject in OCSPv1
Next by Date: Re: OCSP in TLS handshake
Previous by thread: Re: OCSP in TLS handshake
Next by thread: Re: OCSP in TLS handshake
Index(es):
- Date
- Thread