SCVP draft 15, section 4.8 replyObjects, CertReply structure:
- If the server chooses replyStatus as MalformedPKC (3), MalformedAC (4),
UnrecognizedCertPolicy (5) or UnrecognizedExtension (7), how is it possible
to set ReplyChecks and/or ReplyWantBacks in this case?
[TF]
Since these are all errors, then there are no replychecks or wantbacks to
return.
[FM]
Yes, this is the point, so ReplyWantBacks should be OPTIONAL and the ReplyCheck
'status' should also be optional, or there should be more INTEGER values
defined for the appropriate status.
- If the server chooses replyStatus as UnrecognizedValPolicy (6), is it
possible that the server processes the whole request? I think this status code
should belong to CVResponse instead of CertReply.
[TF]
Fixed in 16.
- If the server chooses replyStatus as CertPathNotValidNow (12) and the reason
is that the server cannot connect to the OCSPResponder/LDAPServer and so has no
revocation information for the time being, then what should the server put in
ReplyWantBacks?
[TF]
16 now defines: if you get an error connecting to the server, then unavailable.
If the server returns stale data, offline.
[FM]
Fine, and ReplyWantBack should be OPTIONAL