
Online Certificate Status Protocol Algorithm Agility
draft-ietf-pkix-ocspagility-11

Yes

(Tim Polk)

No Objection

(Jari Arkko)
(Ralph Droms)
(Robert Sparks)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)

Recuse


Note: This ballot was opened for revision 11 and is now closed.

(Tim Polk; former steering group member) Yes

Yes ()


(Adrian Farrel; former steering group member) (was Discuss) No Objection

No Objection (2011-01-05)
The RFC Editor will ask you to remove the citation from the Abstract. 

---

http://www.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt shows 
that OCSP is not a "well-known" acronym. So could you please expand it 
in the document title, the Abstract, and on first use in Section 2.

---

A number of other acronyms are used without expansion.
CA
CRL
DSA

---

Section 5.1

Did you think of splitting option 5 into:
  5. select a mandatory algorithm
  6. select a recommended algorithm
since there is a very marked difference in the likelihood of success.

(Alexey Melnikov; former steering group member) No Objection

No Objection (2011-01-04)
In Section 4:

   The client MUST support each of the specified preferred signature
   algorithms and the client MUST specify the algorithms in the order of
   preference.

I think this is not actually saying what the order is. I suggest adding something like
"from the most preferred to the least preferred"


8.3. Denial of Service Attack

   Algorithm agility mechanisms defined in this document introduces a
   slightly increased attack surface for Denial of Service attacks where
   the client request is altered to require algorithms that are not
   supported by the server, alternatively does not match pre-generated
   responses.

The last part (after the final comma) is not readable.


[NEWASN] - is this a Downref? If it is (and it wasn't explicitly called out during the IETF LC), is [NEWASN] in the Downref registry?
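As an added illustration of the ordering point above, and of Adrian Farrel's Section 5.1 remark about falling back to a mandatory algorithm, here is a hypothetical responder-side selection routine. It is not code from the draft or from any OCSP implementation. It assumes the preference list is read from the most preferred to the least preferred (the reading Alexey suggests spelling out), uses constructed algorithm names in place of real AlgorithmIdentifier OIDs, and invents a MANDATORY_FALLBACK constant and a MAX_PREFS cap; the cached-response check models the pre-generated-response case mentioned in the quoted Section 8.3 text.

```python
"""Hypothetical OCSP responder helper (added example, not the draft's code):
pick the response signature algorithm from the client's preference list."""

from typing import Dict, Sequence, Tuple

# Constructed names stand in for AlgorithmIdentifier OIDs.
# Only algorithms in this set may sign a response; anything the responder
# regards as unacceptably insecure is simply absent from it.
SUPPORTED_BY_RESPONDER = frozenset({
    "sha256WithRSAEncryption",
    "ecdsa-with-SHA256",
    "sha384WithRSAEncryption",
})

# Assumed: the algorithm the responder uses when no client preference fits.
MANDATORY_FALLBACK = "sha256WithRSAEncryption"

# Assumed cap on how much of a (possibly attacker-inflated) list is scanned.
MAX_PREFS = 16


def select_signature_algorithm(client_prefs: Sequence[str],
                               supported=SUPPORTED_BY_RESPONDER,
                               fallback: str = MANDATORY_FALLBACK) -> str:
    """Return the first client-preferred algorithm the responder supports.

    client_prefs is read from the most preferred to the least preferred.
    An unknown, unsupported or empty list never fails the request; it
    falls through to the fallback, so a tampered preference list cannot
    turn into a hard error for the client.
    """
    for alg in list(client_prefs)[:MAX_PREFS]:
        if alg in supported:
            return alg
    return fallback


def plan_response(client_prefs: Sequence[str],
                  pregenerated: Dict[str, bytes]) -> Tuple[str, bool]:
    """Choose the algorithm and report whether a pre-generated response exists.

    The second element is True when the responder can serve a cached,
    already-signed response and False when it must sign on demand, which
    is the extra work a request altered as in Section 8.3 could try to force.
    """
    alg = select_signature_algorithm(client_prefs)
    return alg, alg in pregenerated


if __name__ == "__main__":
    # Constructed cache: responses pre-signed with one algorithm only.
    cache = {"sha256WithRSAEncryption": b"<constructed pre-signed DER>"}
    print(plan_response(["ecdsa-with-SHA256", "sha256WithRSAEncryption"], cache))
    print(plan_response(["md5WithRSAEncryption"], cache))
```

The design choice worth noting is that an unsupported preference list degrades to the fallback algorithm rather than to an error, and that the responder bounds the work it spends on the list; both keep an altered request from costing more than an ordinary one.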

(Jari Arkko; former steering group member) (was Discuss) No Objection

No Objection ()


(Peter Saint-Andre; former steering group member) No Objection

No Objection (2011-01-05)
1. Section 8.1 uses the phrases "considered unacceptably insecure" and "not considered acceptably secure". Are these equivalent?

2. In Section 8.3, please consider citing RFC 4732 on the concept of denial of service attacks.

(Ralph Droms; former steering group member) No Objection

No Objection ()


(Robert Sparks; former steering group member) No Objection

No Objection ()


(Ron Bonica; former steering group member) No Objection

No Objection ()


(Russ Housley; former steering group member) No Objection

No Objection ()


(Stewart Bryant; former steering group member) No Objection

No Objection ()


(Sean Turner; former steering group member) Recuse

Recuse (2011-01-04)
I am going to recuse myself from this draft because I was involved in proposing the ASN.1 structure.  I don't consider that an insignificant contribution.  I am however happy with this draft.