DISCUSS: MUST reject in OCSPv1

["Michael Myers" <mmyers@xxxxxxxxx>]

-----Original Message-----
From: Carlisle Adams
Sent: Tuesday, December 09, 2003 12:00 PM
To: Michael Myers
Subject: Re: MUST reject in OCSPv1

Hi Mike,

[. . .] you may forward the content of this message to the list
if you
wish.

It's pretty clear to me that clients use a nonce when they want
to guarantee
a fresh response from the other end (the nonce is returned in a
signed
message).  If the client doesn't care about freshness, it has no
reason to
use the nonce since that is the ONLY purpose that the nonce
serves.

So, if a client puts a nonce in its request, the server MUST
return it in
the response.  If the responder requirement is softened to a
SHOULD, then
the client requirement has to be strengthened to "if the
response comes back
without the client's nonce included, the client MUST reject the
message".
Again, if the client doesn't care about freshness, then it MUST
NOT put a
nonce in the request.  If it does put a nonce in the request,
then a
response without it MUST NOT be acceptable.  This only makes
sense:  if you
explicitly ask for a security service on a response
(confidentiality,
authenticity, integrity, freshness, whatever) and the response
shows up
without it, this must be unacceptable.  I don't care so much
whether the
behavioral requirement is on the client or on the responder
(although I
would prefer it to be on the responder), but the result must be
that the
request has not been completed.

Carlisle.