Online Certificate Status Protocol Algorithm Agility
Note: This ballot was opened for revision 11 and is now closed.
(Tim Polk; former steering group member) Yes
(Adrian Farrel; former steering group member) (was Discuss) No Objection
The RFC Editor will ask you to remove the citation from the Abstract.

---

http://www.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt shows that OCSP is not a "well-known" acronym. So could you please expand it in the document title, the Abstract, and on first use in Section 2.

---

A number of other acronyms are used without expansion.
  CA
  CRL
  DSA

---

Section 5.1

Did you think of splitting option 5 into:
  5. select a mandatory algorithm
  6. select a recommended algorithm
since there is a very marked difference in the likelihood of success.
(Alexey Melnikov; former steering group member) No Objection
In Section 4:

  The client MUST support each of the specified preferred signature algorithms and the client MUST specify the algorithms in the order of preference.

I think this is not actually saying what the order is. I suggest adding something like "from the most preferred to the least preferred"

8.3. Denial of Service Attack

  Algorithm agility mechanisms defined in this document introduces a slightly increased attack surface for Denial of Service attacks where the client request is altered to require algorithms that are not supported by the server, alternatively does not match pre-generated responses.

The last part (after the final comma) is not readable.

[NEWASN] - is this a Downref? If it is (and it wasn't explicitly called out during the IETF LC), is [NEWASN] in the Downref registry?
(Jari Arkko; former steering group member) (was Discuss) No Objection
(Peter Saint-Andre; former steering group member) No Objection
1. Section 8.1 uses the phrases "considered unacceptably insecure" and "not considered acceptably secure". Are these equivalent?

2. In Section 8.3, please consider citing RFC 4732 on the concept of denial of service attacks.
(Ralph Droms; former steering group member) No Objection
(Robert Sparks; former steering group member) No Objection
(Ron Bonica; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
(Stewart Bryant; former steering group member) No Objection
(Sean Turner; former steering group member) Recuse
I am going to recuse myself from this draft because I was involved in proposing the ASN.1 structure. I don't consider that an insignificant contribution. I am however happy with this draft.