On Tuesday, 15 August 2017 19:42:30 CEST Benjamin Kaduk wrote:
> On 08/14/2017 01:26 PM, Ilari Liusvaara wrote:
> > On Mon, Aug 14, 2017 at 08:03:08PM +0200, Hubert Kario wrote:
> >> Current (21) draft references RFC 6961 in multiple places, in particular
> >> 
> >>  * Section 4.4.2:
> >>      Valid extensions
> >>      include OCSP Status extensions ([RFC6066] and [RFC6961])
> >>  
> >>  * and therein implicitly:
> >>      If
> >>      an extension applies to the entire chain, it SHOULD be included in
> >>      the first CertificateEntry.
> >> 
> >> at the same time section B.3.1 ExtensionType and table from Section 4.2
> >> do not list status_request_v2 as a valid extension.
> >> 
> >> 
> >> If the intention was to deprecate status_request_v2, I think the
> >> references to RFC 6961 should be a bit more cautious. If it wasn't (as
> >> old messages sent to the list would indicate), quite a bit of text is
> >> missing.
> > 
> > The introduction suggests that TLS 1.3 intends to deprecate
> > status_request_v2.
> 
> Yes, the intention was to deprecate status_request_v2.

Proposed text to remove the ambiguity:
https://github.com/tlswg/tls13-spec/pull/1075

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to