Skip to main content

The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
draft-ietf-tls-multiple-cert-status-extension-08

Revision differences

Document history

Date Rev. By Action
2013-06-06
08 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2013-05-20
08 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2013-05-09
08 (System) RFC Editor state changed to RFC-EDITOR from REF
2013-05-01
08 (System) RFC Editor state changed to REF from EDIT
2013-04-19
08 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2013-04-18
08 Elwyn Davies Request for Telechat review by GENART Completed: Ready. Reviewer: Elwyn Davies.
2013-04-18
08 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2013-04-18
08 (System) IANA Action state changed to In Progress from RFC-Ed-Ack
2013-04-18
08 (System) IANA Action state changed to Waiting on Authors from RFC-Ed-Ack
2013-04-16
08 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent
2013-04-15
08 (System) RFC Editor state changed to EDIT
2013-04-15
08 (System) Announcement was received by RFC Editor
2013-04-15
08 (System) IANA Action state changed to In Progress
2013-04-15
08 Amy Vezza State changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed
2013-04-15
08 Amy Vezza IESG has approved the document
2013-04-15
08 Amy Vezza Closed "Approve" ballot
2013-04-15
08 Amy Vezza Ballot approval text was generated
2013-04-15
08 Amy Vezza Ballot writeup was changed
2013-04-11
08 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-08.txt
2013-04-11
07 Cindy Morgan State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2013-04-11
07 Richard Barnes [Ballot Position Update] Position for Richard Barnes has been changed to No Objection from Discuss
2013-04-11
07 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2013-04-11
07 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo
2013-04-11
07 Stephen Farrell
[Ballot comment]

Thanks for quickly handling my discuss points!

I note the 2560/2560bis issue still needs fixing and am ok
that that'll be done. If …
[Ballot comment]

Thanks for quickly handling my discuss points!

I note the 2560/2560bis issue still needs fixing and am ok
that that'll be done. If the answer is that 2560bis becomes
the normative reference then that's fine, but in that case
I do think it'd be good to retain the text that clarifies how
to handle id-pkix-ocsp-nonce if you're coding this based on
a 2560 and not a 2560bis implementation, since that
will be the case for a while yet. And that'd mean keeping
2560 as an informative ref too.
2013-04-11
07 Stephen Farrell [Ballot Position Update] Position for Stephen Farrell has been changed to Yes from Discuss
2013-04-11
07 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-07.txt
2013-04-10
06 Ted Lemon
[Ballot comment]
If this document were updated to reference 2560bis instead of 2560, I think this text could simply be removed, since the correction is …
[Ballot comment]
If this document were updated to reference 2560bis instead of 2560, I think this text could simply be removed, since the correction is present in 2560bis:

  In the case of the "id-pkix-ocsp-nonce" OCSP extension, [RFC2560] is       
  unclear about its encoding; for clarification, the nonce MUST be a         
  DER-encoded OCTET STRING, which is encapsulated as another OCTET           
  STRING (note that implementations based on an existing OCSP client         
  will need to be checked for conformance to this requirement).               

If the authors do not want to reference 2560bis for some reason, then the above language seems to me to update 2560.

  The items in the list of CertificateStatusRequestItemV2 entries are
  in order of the client's preference (favorite choice first).

Does the idea of "favorite choice first" really make sense?  Either an OCSP responder is trusted or not, right?  I'm not so clear on the architecture here that I can be sure this question makes sense, but I wonder if randomizing the list doesn't make just as much or more sense than ordering it according to some unspecified notion of favorites.
2013-04-10
06 Ted Lemon [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2013-04-10
06 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2013-04-10
06 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2013-04-09
06 Richard Barnes
[Ballot discuss]
Two points that I would like some clarification on:

1. It seems like this document should Update RFC 6066.  It doesn't change …
[Ballot discuss]
Two points that I would like some clarification on:

1. It seems like this document should Update RFC 6066.  It doesn't change anything in the document, but it's effectively a "v2" of the OCSP status request extension.

2. It seems like this document should reference RFC 2560bis instead of RFC 2560.
2013-04-09
06 Richard Barnes
[Ballot comment]
In the Abstract, this phrase seems unclear: "multiple certificate status methods (commonly referred to as OCSP stapling)".  Suggest: "multiple certificate status methods.  (The …
[Ballot comment]
In the Abstract, this phrase seems unclear: "multiple certificate status methods (commonly referred to as OCSP stapling)".  Suggest: "multiple certificate status methods.  (The use of the Certificate Status extension is commonly referred to as "OCSP stapling".)"

In Section 2.2., it would be helpful if you could clarify which parts are new, and which are restated from RFC 6066.

In Section 2.2., "see also" should be "as defined in"
2013-04-09
06 Richard Barnes [Ballot Position Update] New position, Discuss, has been recorded for Richard Barnes
2013-04-09
06 Stephen Farrell
[Ballot discuss]
Two cleared, two to go:-)

(1) cleared

(2) 2.2, last para: the language here is pretty yukky, for
example the terms "inconclusive," "believes," …
[Ballot discuss]
Two cleared, two to go:-)

(1) cleared

(2) 2.2, last para: the language here is pretty yukky, for
example the terms "inconclusive," "believes," "might wish" and
(particularly) "engage in activities that require trust" all
seem like things that generic TLS client code will not get
right. If you tell me that this language is the result of a
hard-fought set of WG discussions, I'll clear, but if it
didn't get significant WG discussion, (sorry, can't recall)
then I think it needs to be fixed up so as to be something a
piece of generic TLS client code can implement, with the
higher/application layer issues clearly separated out from
things that generic TLS client code can reasonably do.
Here's a suggested replacement for that paragraph:

"
  If the OCSP response received from the server does not result in
  a "good" or "revoked" status, it is inconclusive.  A TLS client
  in such a case MAY check the validity of the server certificate
  through other means, e.g., by directly querying the certificate
  issuer's CRL or OCSP responders. If such processing still results
  in an inconclusive response this creates a tricky issue for the
  application that includes a TLS client that uses this
  specification - should it fail the connection or not?  Note that
  this is really an issue for the application using TLS and cannot
  be handled by the generic TLS client code without information
  from the application. If the application doesn't provide any such
  information, then the client MUST abort the connection since the
  server certificate has not been sufficiently validated.

  An example of where the application might wish to continue is
  with EAP-TLS, where the application can use another mechanism to
  check the status of a certificate once it obtains network access.
  In this case, the application could have the client continue with
  the handshake, but it MUST NOT disclose a username and password
  until it has fully validated the server certificate.
"

Yngve suggested a tweak to the above which seemed good.

(3) cleared

(4) cleared
2013-04-09
06 Stephen Farrell
[Ballot comment]
- intro, I think you *really* should also note the potential
privacy benefit here too - if the reduced roundtrips mean that
the …
[Ballot comment]
- intro, I think you *really* should also note the potential
privacy benefit here too - if the reduced roundtrips mean that
the browser/client doesn't have to tell a CA/OSCP-responder
the certificate serial number of a TLS server with which its
negotiating that's a positive privacy benefit.

Yngve suggested this which is good I think:

  "Additionally, using this extension significantly reduces
  privacy concerns around the clients informing the Certificate
  Issuer about which sites they are visiting."

- 2.2 says 2560 is unclear about encoding a thing - is there
an erratum for that? 6677 updates 2560, does it include the
clarification? Is "checked for conformance" the right term to
use? Maybe "might need to be modified" would be better?

I think that means you need to reference 2560bis as normative.
Maybe add text meaning "2560bis is the way you should do this
but lots of people will be doing 2560 for ages yet" and probably
say that 2560bis fixes this issue too.

- 4.1, given that the client can send the server a possibly
long list of things to do and maybe send the server to a slow
responder, don't you need to note that servers need to
consider accidental or deliberate potential DoS as a result? I
guess just saying to be careful with handling the
client-specified data as usual would be enough.

Maybe say something like:

  "since this extension (like others) allows the client to get the
  server to do work, server implementers need to be aware that
  that could be a DoS vector"

Some more tweaks to the above suggested. I also cleared
discuss point 3 which was:

What does a server do with a request list that contains
stuff the server doesn't understand? I assume the server ought
ignore any such garbage Extensions or unknown ResponderID
fields? (ResponderID can be an X.500 Name, so can also contain
who-knows-what crapology;-)  Don't you need to say that?
(Maybe that's elsewhere in 2560 or 5246 or 6066, which'd be
fine, but I didn't check;-)

Yngve said basically those are passed on to the OSCP
responder but probably not parsed. Be good to say that
in the draft.
2013-04-09
06 Stephen Farrell Ballot comment and discuss text updated for Stephen Farrell
2013-04-09
06 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant
2013-04-09
06 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2013-04-09
06 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2013-04-08
06 Stephen Farrell
[Ballot discuss]

Two cleared, two to go:-)

(1) cleared

(2) 2.2, last para: the language here is pretty yukky, for
example the terms "inconclusive," "believes," …
[Ballot discuss]

Two cleared, two to go:-)

(1) cleared

(2) 2.2, last para: the language here is pretty yukky, for
example the terms "inconclusive," "believes," "might wish" and
(particularly) "engage in activities that require trust" all
seem like things that generic TLS client code will not get
right. If you tell me that this language is the result of a
hard-fought set of WG discussions, I'll clear, but if it
didn't get significant WG discussion, (sorry, can't recall)
then I think it needs to be fixed up so as to be something a
piece of generic TLS client code can implement, with the
higher/application layer issues clearly separated out from
things that generic TLS client code can reasonably do.
Here's a suggested replacement for that paragraph:

"
  If the OCSP response received from the server does not result in
  a "good" or "revoked" status, it is inconclusive.  A TLS client
  in such a case MAY check the validity of the server certificate
  through other means, e.g., by directly querying the certificate
  issuer's CRL or OCSP responders. If such processing still results
  in an inconclusive response this creates a tricky issue for the
  application that includes a TLS client that uses this
  specification - should it fail the connection or not?  Note that
  this is really an issue for the application using TLS and cannot
  be handled by the generic TLS client code without information
  from the application. If the application doesn't provide any such
  information, then the client MUST abort the connection since the
  server certificate has not been sufficiently validated.

  An example of where the application might wish to continue is
  with EAP-TLS, where the application can use another mechanism to
  check the status of a certificate once it obtains network access.
  In this case, the application could have the client continue with
  the handshake, but it MUST NOT disclose a username and password
  until it has fully validated the server certificate.
"

(3) What does a server do with a request list that contains
stuff the server doesn't understand? I assume the server ought
ignore any such garbage Extensions or unknown ResponderID
fields? (ResponderID can be an X.500 Name, so can also contain
who-knows-what crapology;-)  Don't you need to say that?
(Maybe that's elsewhere in 2560 or 5246 or 6066, which'd be
fine, but I didn't check;-)

(4) cleared
2013-04-08
06 Stephen Farrell
[Ballot comment]

- intro, I think you *really* should also note the potential
privacy benefit here too - if the reduced roundtrips mean that
the …
[Ballot comment]

- intro, I think you *really* should also note the potential
privacy benefit here too - if the reduced roundtrips mean that
the browser/client doesn't have to tell a CA/OSCP-responder
the certificate serial number of a TLS server with which its
negotiating that's a positive privacy benefit.

Yngve suggested this which is good I think:

  "Additionally, using this extension significantly reduces
  privacy concerns around the clients informing the Certificate
  Issuer about which sites they are visiting."

- 2.2 says 2560 is unclear about encoding a thing - is there
an erratum for that? 6677 updates 2560, does it include the
clarification? Is "checked for conformance" the right term to
use? Maybe "might need to be modified" would be better?

I think that means you need to reference 2560bis as normative.
Maybe add text meaning "2560bis is the way you should do this
but lots of people will be doing 2560 for ages yet" and probably
say that 2560bis fixes this issue too.

- 4.1, given that the client can send the server a possibly
long list of things to do and maybe send the server to a slow
responder, don't you need to note that servers need to
consider accidental or deliberate potential DoS as a result? I
guess just saying to be careful with handling the
client-specified data as usual would be enough.

Maybe say something like:

  "since this extension (like others) allows the client to get the
  server to do work, server implementers need to be aware that
  that could be a DoS vector"
2013-04-08
06 Stephen Farrell Ballot comment and discuss text updated for Stephen Farrell
2013-04-08
06 Stephen Farrell
[Ballot discuss]

I think these discuss points should hopefully go away pretty
quickly, but given that TLS is just getting more important I
figure asking …
[Ballot discuss]

I think these discuss points should hopefully go away pretty
quickly, but given that TLS is just getting more important I
figure asking is safer/right.

(1) How does this play with 2560bis? I'm not sure if you ought
say anything here or not, but I wonder how all the 2560bis
discussion about handling mis-issued certs via HTTP errors
might play here. Given both drafts are on the same telechat,
it seems like we should know the answer to this:-)

(2) 2.2, last para: the language here is pretty yukky, for
example the terms "inconclusive," "believes," "might wish" and
(particularly) "engage in activities that require trust" all
seem like things that generic TLS client code will not get
right. If you tell me that this language is the result of a
hard-fought set of WG discussions, I'll clear, but if it
didn't get significant WG discussion, (sorry, can't recall)
then I think it needs to be fixed up so as to be something a
piece of generic TLS client code can implement, with the
higher/application layer issues clearly separated out from
things that generic TLS client code can reasonably do.

(3) What does a server do with a request list that contains
stuff the server doesn't understand? I assume the server ought
ignore any such garbage Extensions or unknown ResponderID
fields? (ResponderID can be an X.500 Name, so can also contain
who-knows-what crapology;-)  Don't you need to say that?
(Maybe that's elsewhere in 2560 or 5246 or 6066, which'd be
fine, but I didn't check;-)

(4) Can the client supply a load of garbage bytes here that'd
feed into the FINISHED message hash calculation in a dodgy way
with e.g. some dodgy ciphersuite? I'm thinking of the way
chosen-prefix collisions were used in the hashclash attack and
whether maybe a bad client could take advantage of that by
including sufficient garbage in the request list. I can't see
an actual attack here right now, so I'll clear this if you
tell me its ok, but I do wonder if 4.1 maybe ought say that
servers SHOULD do some sanity checking and also say how to
barf the session if that checking fails. (If so, the
sanity-checking would of course need to be described a bit at
least.)
2013-04-08
06 Stephen Farrell
[Ballot comment]

- abstract: this says "version 2" which would raise an
expectation that something (6066?) might be UPDATED or
OBSOLETED or whatever. I would …
[Ballot comment]

- abstract: this says "version 2" which would raise an
expectation that something (6066?) might be UPDATED or
OBSOLETED or whatever. I would think that the intermediate CA
thing might mean that we really would like folks to move away
from the current OCSP extension, and onto this, and the RFC
meta-data might help there maybe.  (I don't care myself, but
just wanna check if that was considered or not since some
people do care:-)

- intro, is this intended only to be used with TLS1.2 or also
with implementations of earlier versions or SSL?

- intro, I think you *really* should also note the potential
privacy benefit here too - if the reduced roundtrips mean that
the browser/client doesn't have to tell a CA/OSCP-responder
the certificate serial number of a TLS server with which its
negotiating that's a positive privacy benefit.

- intro, 3rd para: It'd be great to have a reference for some
of those cases where OCSP caused n/w problems for a CA. I can
understand if folks might prefer not to add that, but if its
already public somewhere that reference could be quite useful.
(As a lesson in what not to do again;-)

- intro, 2nd last para: you could probably add a reference to
CT there as an example of a nascent "alternative PKI
structure." If you do, please do make sure the reader gets the
fact that CT is experimental. In any case, some reference
would be good as this kind of leaves the reader wondering.

- 2.2 says 2560 is unclear about encoding a thing - is there
an erratum for that? 6677 updates 2560, does it include the
clarification? Is "checked for conformance" the right term to
use? Maybe "might need to be modified" would be better?

- 4.1, given that the client can send the server a possibly
long list of things to do and maybe send the server to a slow
responder, don't you need to note that servers need to
consider accidental or deliberate potential DoS as a result? I
guess just saying to be careful with handling the
client-specified data as usual would be enough.

- On my discuss point 4: The closest I can get to an attack
based on this would be if the hash function used for the
Hash(handshake_messages) in the FINISHED calculation were
broken for collisions and if the request list were also used
by the server to pick a responder with which to check the
client cert in mutual authentication cases - that might allow
a chosen-prefix collision attack to get the server to use a
colluding OCSP responder, allowing replay of a TLS session
even after the client public key had been revoked.  That's
not very compelling in at least a few ways, but might suggest
something to someone cleverer than me;-)
2013-04-08
06 Stephen Farrell [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell
2013-04-08
06 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2013-04-04
06 Jean Mahoney Request for Telechat review by GENART is assigned to Elwyn Davies
2013-04-04
06 Jean Mahoney Request for Telechat review by GENART is assigned to Elwyn Davies
2013-04-04
06 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2013-04-04
06 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Hilarie Orman.
2013-04-02
06 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-06.txt
2013-03-31
05 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2013-03-29
05 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-05.txt
2013-03-29
04 Sean Turner State changed to IESG Evaluation from Waiting for AD Go-Ahead
2013-03-29
04 Sean Turner Ballot has been issued
2013-03-29
04 Sean Turner [Ballot Position Update] New position, Yes, has been recorded for Sean Turner
2013-03-29
04 Sean Turner Created "Approve" ballot
2013-03-29
04 (System) State changed to Waiting for AD Go-Ahead from In Last Call
2013-03-27
04 Pearl Liang
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-tls-multiple-cert-status-extension-04. 
Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon …
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-tls-multiple-cert-status-extension-04. 
Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

We understand that, upon approval of this document, there are two actions which we must complete.

First in the ExtensionType Values subregistry of the Transport Layer Security (TLS) Extensions registry located at:

http://www.iana.org/assignments/tls-extensiontype-values

a single new Extension Type will be registered as follows:

Value: [ TBD-at-registration ]
Extension Name: status_request_v2
Reference: [ RFC-to-be ]

Second, a new registry is to be created called the "TLS Certificate Status Types" registry and will be a subregistry of the Transport Layer Security (TLS) Extensions registry located at:

http://www.iana.org/assignments/tls-extensiontype-values

Maintenance of the new subregistry is done through IETF Review as defined in RFC 5226.

There are initial registrations in the new subregistry as follows:

Value Description Reference
1 ocsp [ RFC-to-be ]
2 ocsp_multi [ RFC-to-be ]

We understand these two actions to be the only ones required to be
completed upon approval of this document.

Note:  The actions requested in this document will not be completed
until the document has been approved for publication as an RFC.
This message is only to confirm what actions will be performed.
2013-03-22
04 Elwyn Davies Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Elwyn Davies.
2013-03-21
04 Tero Kivinen Request for Last Call review by SECDIR is assigned to Hilarie Orman
2013-03-21
04 Tero Kivinen Request for Last Call review by SECDIR is assigned to Hilarie Orman
2013-03-21
04 Jean Mahoney Request for Last Call review by GENART is assigned to Elwyn Davies
2013-03-21
04 Jean Mahoney Request for Last Call review by GENART is assigned to Elwyn Davies
2013-03-15
04 Amy Vezza IANA Review state changed to IANA - Review Needed
2013-03-15
04 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (The TLS Multiple Certificate Status Request …
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (The TLS Multiple Certificate Status Request Extension) to Proposed Standard


The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:
- 'The TLS Multiple Certificate Status Request Extension'
  as Proposed
Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-03-29. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document defines the Transport Layer Security (TLS) Certificate
  Status Version 2 Extension to allow clients to specify and support
  multiple certificate status methods.  Also defined is a new method
  based on the Online Certificate Status Protocol (OCSP) that servers
  can use to provide status information not just about the server's own
  certificate, but also the status of intermediate certificates in the
  chain.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-tls-multiple-cert-status-extension/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-tls-multiple-cert-status-extension/ballot/


No IPR declarations have been submitted directly on this I-D.


2013-03-15
04 Amy Vezza State changed to In Last Call from Last Call Requested
2013-03-15
04 Sean Turner Placed on agenda for telechat - 2013-04-11
2013-03-15
04 Sean Turner Last call was requested
2013-03-15
04 Sean Turner Ballot approval text was generated
2013-03-15
04 Sean Turner State changed to Last Call Requested from AD Evaluation
2013-03-15
04 Sean Turner Ballot writeup was changed
2013-03-15
04 Sean Turner Ballot writeup was generated
2013-03-15
04 Sean Turner Last call announcement was generated
2013-02-20
04 Sean Turner State changed to AD Evaluation from Publication Requested
2013-02-15
04 Amy Vezza
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? …
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The type of document is proposed standard. It provides a mechanism useful for the internet and represents working group consensus. The document indicates "Standards Track"

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:
This document defines the Transport Layer Security (TLS) Certificate
Status Version 2 Extension to allow clients to specify and support
multiple certificate status methods. Also defined is a new method
based on the Online Certificate Status Protocol (OCSP) that servers
can use to provide status information not just about the server's own
certificate, but also the status of intermediate certificates in the
chain.

Working Group Summary:
In general working group consensus was smooth. There were no major sticking points

Document Quality:
There are a number of implementers who plan to implement this protocol extension.

Personnel:
Shepherd - Joe Salowey; AD - Sean turner

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

The document shepherd has read the document and run the I-D nits tool.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

THe document has be reviewed by members of the TLS working group that have expertise in TLS and OCSP.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes the author has confirmed this,

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

No IPR declaration has been filed

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

I would say that there is strong concurrence of a few individuals with a general support for the document

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

No nits

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

The document has a security considerations section

(13) Have all references within this document been identified as either normative or informative?

Yes

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

No

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

This document does not change the status of existing RFCs.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

The IANA Considerations are complete

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

New IANA registry is by IETF consensus

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

This document does not contain such sections.
2013-02-15
04 Amy Vezza Note added 'Document Shepherd - Joe Salowey (jsalowey@cisco.com)'
2013-02-15
04 Amy Vezza Intended Status changed to Proposed Standard
2013-02-15
04 Amy Vezza IESG process started in state Publication Requested
2013-02-06
04 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-04.txt
2013-01-09
03 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-03.txt
2012-10-19
02 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-02.txt
2012-07-08
01 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-01.txt
2012-05-09
00 Yngve Pettersen New version available: draft-ietf-tls-multiple-cert-status-extension-00.txt