Online Certificate Status Protocol Algorithm Agility
draft-ietf-pkix-ocspagility-11
Yes
(Tim Polk)
No Objection
(Jari Arkko)
(Ralph Droms)
(Robert Sparks)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)
Recuse
Note: This ballot was opened for revision 11 and is now closed.
Tim Polk Former IESG member
Yes
Adrian Farrel Former IESG member
(was Discuss)
No Objection
(2011-01-05)
The RFC Editor will ask you to remove the citation from the Abstract.

---

http://www.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt shows that OCSP is not a "well-known" acronym. So could you please expand it in the document title, the Abstract, and on first use in Section 2.

---

A number of other acronyms are used without expansion.
CA
CRL
DSA

---

Section 5.1

Did you think of splitting option 5 into:
5. select a mandatory algorithm
6. select a recommended algorithm
since there is a very marked difference in the likelihood of success.
Alexey Melnikov Former IESG member
No Objection
(2011-01-04)
In Section 4:

   The client MUST support each of the specified preferred signature algorithms and the client MUST specify the algorithms in the order of preference.

I think this is not actually saying what the order is. I suggest adding something like "from the most preferred to the least preferred"

8.3. Denial of Service Attack

   Algorithm agility mechanisms defined in this document introduces a slightly increased attack surface for Denial of Service attacks where the client request is altered to require algorithms that are not supported by the server, alternatively does not match pre-generated responses.

The last part (after the final comma) is not readable.

[NEWASN] - is this a Downref? If it is (and it wasn't explicitly called out during the IETF LC), is [NEWASN] in the Downref registry?
Jari Arkko Former IESG member
(was Discuss)
No Objection
Peter Saint-Andre Former IESG member
No Objection
(2011-01-05)
1. Section 8.1 uses the phrases "considered unacceptably insecure" and "not considered acceptably secure". Are these equivalent?

2. In Section 8.3, please consider citing RFC 4732 on the concept of denial of service attacks.
Ralph Droms Former IESG member
No Objection
Robert Sparks Former IESG member
No Objection
Ron Bonica Former IESG member
No Objection
Russ Housley Former IESG member
No Objection
Stewart Bryant Former IESG member
No Objection
Sean Turner Former IESG member
Recuse
(2011-01-04)
I am going to recuse myself from this draft because I was involved in proposing the ASN.1 structure. I don't consider that an insignificant contribution. I am however happy with this draft.