The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments
draft-ietf-pkix-lightweight-ocsp-profile-11

Yes

(Russ Housley)

No Objection

(Brian Carpenter)
(Cullen Jennings)
(Dan Romascanu)
(David Ward)
(Jari Arkko)
(Jon Peterson)
(Lars Eggert)
(Lisa Dusseault)
(Mark Townsley)
(Ron Bonica)
(Ross Callon)
(Sam Hartman)
(Ted Hardie)
(Tim Polk)

Note: This ballot was opened for revision 11 and is now closed.

Russ Housley Former IESG member
(was Discuss, Yes) Yes
Yes () Unknown

                            
Brian Carpenter Former IESG member
No Objection
No Objection () Unknown

                            
Chris Newman Former IESG member
(was Discuss, No Record, Discuss) No Objection
No Objection (2007-06-20) Unknown
This may be subject to some of the issues in RFC 3143.  I suspect the
Vary header should not be used, for example.

I'd also like to see an analysis of the impact of HTTP Request Smuggling
in the security considerations section as this profile suggests
aggressive caching and use of proxies.

I do think this profile would be improved by applying BCP 56 (at the very
least assigning a port other than port 80), but I'm willing to just
abstain if that isn't fixed.
Cullen Jennings Former IESG member
No Objection
No Objection () Unknown

                            
Dan Romascanu Former IESG member
No Objection
No Objection () Unknown

                            
David Kessens Former IESG member
No Objection
No Objection (2006-08-02) Unknown
Comments received by Frank Kastenholz from the Ops Directorate:

 as this is a profile ('how to make it work') document, i'd make
 the same points that i made for draft-ietf-pki4ipsec-ikecert-profile-10.txt.

 one added question, section 1.1.1 of the document
 says that clients must use SHA1 to authenticate some data.
 Is it wise to mandate a crypto algorithm in this manner?
 given the history that shows that crypto-algorithms
 eventually weaken and then succumb to attacks of various forms,
 so won't sha1 also succumb?

 i don't know how to solve this problem; perhaps
 there should be an ietf-web-page someplace
 that shows the status of algorithms?
David Ward Former IESG member
No Objection
No Objection () Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection () Unknown

                            
Jon Peterson Former IESG member
No Objection
No Objection () Unknown

                            
Lars Eggert Former IESG member
No Objection
No Objection () Unknown

                            
Lisa Dusseault Former IESG member
No Objection
No Objection () Unknown

                            
Magnus Westerlund Former IESG member
No Objection
No Objection (2007-04-19) Unknown
The document fails to spell out acronyms at their first usage.
Mark Townsley Former IESG member
No Objection
No Objection () Unknown

                            
Ron Bonica Former IESG member
No Objection
No Objection () Unknown

                            
Ross Callon Former IESG member
No Objection
No Objection () Unknown

                            
Sam Hartman Former IESG member
(was Discuss) No Objection
No Objection () Unknown

                            
Ted Hardie Former IESG member
(was Discuss) No Objection
No Objection () Unknown

                            
Tim Polk Former IESG member
No Objection
No Objection () Unknown