[cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)
Ben Wilson
ben at digicert.com
Fri Jun 7 16:26:49 UTC 2013
Sure.
-----Original Message-----
From: Robin Alden [mailto:robin at comodo.com]
Sent: Friday, June 07, 2013 10:20 AM
To: 'Rob Stradling'; ben at digicert.com
Cc: public at cabforum.org
Subject: RE: [cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)
Hi Ben,
If you accept Rob's amendment, below, Comodo will endorse ballot
103.
Regards
Robin
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-
> bounces at cabforum.org] On Behalf Of Rob Stradling
> Sent: 29 May 2013 10:32
> To: ben at digicert.com
> Cc: public at cabforum.org
> Subject: Re: [cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)
>
> On 28/05/13 18:14, Ben Wilson wrote:
> > I am looking for two endorsers of Ballot 103 OCSP Stapling and AIA,
> > which I've revised below. I'm flexible on subparagraph (5), and
I've
> > sent a note to the TLS WG to solicit comments on it.
> <snip>
> > G. TLS Feature Extension (optional)
> >
> > Subscriber Certificates MAY contain the TLS Feature Extension
> > advertising that the status_request feature of OCSP stapling is
> > available and supported by the subscriber. If present, this field
> > MUST NOT be marked critical.]
>
> Ben, I suggest changing "MUST NOT" to "SHOULD NOT".
>
> Phill's draft [1] says:
> "The TLS Feature Extension SHOULD NOT be marked critical. RFC 5280
> [RFC5280] requires that implementations that do not understand the
> extension MUST reject the certificate. Marking the TLS Feature
> Extension critical breaks backward compatibility and is not
> recommended unless this is the desired behavior."
>
>
> [1] http://www.ietf.org/id/draft-hallambaker-tlsfeature-02.txt
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5460 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130607/fccd2673/attachment-0001.p7s>
More information about the Public
mailing list