The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments
draft-ietf-pkix-lightweight-ocsp-profile-11
Yes
(Russ Housley)
No Objection
(Brian Carpenter)
(Cullen Jennings)
(Dan Romascanu)
(David Ward)
(Jari Arkko)
(Jon Peterson)
(Lars Eggert)
(Lisa Dusseault)
(Mark Townsley)
(Ron Bonica)
(Ross Callon)
(Sam Hartman)
(Ted Hardie)
(Tim Polk)
Note: This ballot was opened for revision 11 and is now closed.
Russ Housley Former IESG member
(was Discuss, Yes)
Yes
Unknown
Brian Carpenter Former IESG member
No Objection
Unknown
Chris Newman Former IESG member
(was Discuss, No Record, Discuss)
No Objection
(2007-06-20)
Unknown
This may be subject to some of the issues in RFC 3143. I suspect the Vary header should not be used, for example. I'd also like to see an analysis of the impact of HTTP Request Smuggling in the security considerations section as this profile suggests aggressive caching and use of proxies. I do think this profile would be improved by applying BCP 56 (at the very least assigning a port other than port 80), but I'm willing to just abstain if that isn't fixed.
Cullen Jennings Former IESG member
No Objection
Unknown
Dan Romascanu Former IESG member
No Objection
Unknown
David Kessens Former IESG member
No Objection
(2006-08-02)
Unknown
Comments received by Frank Kastenholz from the Ops Directorate: As this is a profile ('how to make it work') document, I'd make the same points that I made for draft-ietf-pki4ipsec-ikecert-profile-10.txt. One added question: section 1.1.1 of the document says that clients must use SHA1 to authenticate some data. Is it wise to mandate a crypto algorithm in this manner? Given the history that shows that crypto-algorithms eventually weaken and then succumb to attacks of various forms, won't SHA1 also succumb? I don't know how to solve this problem; perhaps there should be an IETF web page someplace that shows the status of algorithms?
David Ward Former IESG member
No Objection
Unknown
Jari Arkko Former IESG member
No Objection
Unknown
Jon Peterson Former IESG member
No Objection
Unknown
Lars Eggert Former IESG member
No Objection
Unknown
Lisa Dusseault Former IESG member
No Objection
Unknown
Magnus Westerlund Former IESG member
No Objection
(2007-04-19)
Unknown
The document fails to spell out acronyms at their first usage.
Mark Townsley Former IESG member
No Objection
Unknown
Ron Bonica Former IESG member
No Objection
Unknown
Ross Callon Former IESG member
No Objection
Unknown
Sam Hartman Former IESG member
(was Discuss)
No Objection
Unknown
Ted Hardie Former IESG member
(was Discuss)
No Objection
Unknown
Tim Polk Former IESG member
No Objection
Unknown