Re: [TLS] Certificate URL extension in draft-ietf-tls-rfc4366-bis-02
Mike wrote, quoting Joseph Salowey,
>> In order to resolve this issue I propose that we make the hash mandatory
>> for this extension. If this causes an operational problem in some
>> environments then a new extension can be defined that has an optional or
>> no hash.
>
> It doesn't sit well with me that you have URLAndOptionalHash, and then say
> that the hash is not optional. Plus it's been optional for more than two
> years, so changing it now is not backward compatible.

Right. If a new extension must be defined, the onus to do so should be on
those who wish to change the existing extension. If some folks want a new
extension in which the hash is not optional, and/or the hash algorithm
is flexible (as Mike suggests), then those folks should define the new
extension with those properties.

The people who want to keep the existing extension, as it has been defined
for years, should not need to define a new extension just to preserve the
existing one's semantics.