[cabfpub] Ballot 103 - OCSP Staping and AIA (DRAFT)
Rob Stradling
rob.stradling at comodo.com
Wed May 29 02:32:10 MST 2013
On 28/05/13 18:14, Ben Wilson wrote:
> I am looking for two endorsers of Ballot 103 OCSP Stapling and AIA,
> which I’ve revised below. I’m flexible on subparagraph (5), and I’ve
> sent a note to the TLS WG to solicit comments on it.
<snip>
> G. TLS Feature Extension (optional)
>
> Subscriber Certificates MAY contain the TLS Feature Extension
> advertising that the status_request feature of OCSP stapling is
> available and supported by the subscriber. If present, this field MUST
> NOT be marked critical.]
Ben, I suggest changing "MUST NOT" to "SHOULD NOT".
Phill's draft [1] says:
"The TLS Feature Extension SHOULD NOT be marked critical. RFC 5280
[RFC5280] requires that implementations that do not understand the
extension MUST reject the certificate. Marking the TLS Feature
Extension critical breaks backward compatibility and is not
recommended unless this is the desired behavior."
[1] http://www.ietf.org/id/draft-hallambaker-tlsfeature-02.txt
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list