[cabfpub] Ballot 103 - OCSP Stapling and AIA (DRAFT)
rob.stradling at comodo.com
Wed May 29 02:32:10 MST 2013
On 28/05/13 18:14, Ben Wilson wrote:
> I am looking for two endorsers of Ballot 103 OCSP Stapling and AIA,
> which I’ve revised below. I’m flexible on subparagraph (5), and I’ve
> sent a note to the TLS WG to solicit comments on it.
> G. TLS Feature Extension (optional)
> Subscriber Certificates MAY contain the TLS Feature Extension
> advertising that the status_request feature of OCSP stapling is
> available and supported by the subscriber. If present, this field MUST
> NOT be marked critical.]
Ben, I suggest changing "MUST NOT" to "SHOULD NOT".
Phill's draft says:
"The TLS Feature Extension SHOULD NOT be marked critical. RFC 5280
[RFC5280] requires that implementations that do not understand the
extension MUST reject the certificate. Marking the TLS Feature
Extension critical breaks backward compatibility and is not
recommended unless this is the desired behavior."
Senior Research & Development Scientist
COMODO - Creating Trust Online