[cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)

Ben Wilson ben at digicert.com
Fri Jun 7 09:26:49 MST 2013


Sure.

-----Original Message-----
From: Robin Alden [mailto:robin at comodo.com] 
Sent: Friday, June 07, 2013 10:20 AM
To: 'Rob Stradling'; ben at digicert.com
Cc: public at cabforum.org
Subject: RE: [cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)

Hi Ben,
	If you accept Rob's amendment, below, Comodo will endorse ballot
103.

Regards
Robin


> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-
> bounces at cabforum.org] On Behalf Of Rob Stradling
> Sent: 29 May 2013 10:32
> To: ben at digicert.com
> Cc: public at cabforum.org
> Subject: Re: [cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)
> 
> On 28/05/13 18:14, Ben Wilson wrote:
> > I am looking for two endorsers of Ballot 103 OCSP Stapling and AIA,
> > which I've revised below.  I'm flexible on subparagraph (5), and
I've
> > sent a note to the TLS WG to solicit comments on it.
> <snip>
> > G.  TLS Feature Extension (optional)
> >
> > Subscriber Certificates MAY contain the TLS Feature Extension
> > advertising that the status_request feature of OCSP stapling is
> > available and supported by the subscriber.  If present, this field
> > MUST NOT be marked critical.]
> 
> Ben, I suggest changing "MUST NOT" to "SHOULD NOT".
> 
> Phill's draft [1] says:
>    "The TLS Feature Extension SHOULD NOT be marked critical.  RFC 5280
>     [RFC5280] requires that implementations that do not understand the
>     extension MUST reject the certificate.  Marking the TLS Feature
>     Extension critical breaks backward compatibility and is not
>     recommended unless this is the desired behavior."
> 
> 
> [1] http://www.ietf.org/id/draft-hallambaker-tlsfeature-02.txt
> 
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5460 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130607/fccd2673/attachment.bin 


More information about the Public mailing list