Hi! > On Jan 16, 2026, at 13:46, [email protected] wrote: > > Authors, > > While reviewing this document during AUTH48, please resolve (as necessary) > the following questions, which are also in the source file. > > 1) <!--[rfced] Please note the title of the document has been updated as > follows. Abbreviations have been expanded per Section 3.6 of RFC 7322 > ("RFC Style Guide"). Please review. > > Original: > Updates to Lightweight OCSP Profile for High Volume Environments > > Current: > Updates to the Lightweight Online Certificate Status Protocol (OCSP) > Profile for High Volume Environments > > Because this document will obsolete RFC 5019 (rather than update it), we > suggest changing the title and abbreviated title as follows. Is this > acceptable? > > Original: > Updates to Lightweight OCSP Profile for High Volume Environments > > Perhaps (same title as RFC 5019): > The Lightweight Online Certificate Status Protocol (OCSP) Profile > for High-Volume Environments > > Similarly, may the abbreviated title (which appears in the running header > of the PDF) be updated as follows? > > Original: > Lightweight OCSP Profile Update > > Perhaps: > Lightweight OCSP Profile > -->
Yes, since we’re obsoleting it there’s no need for the “Updates to” / “Update” words. > 2) <!-- [rfced] Please insert any keywords (beyond those that appear in > the title) for use on https://www.rfc-editor.org/search. --> Revocation > 3) <!--[rfced] FYI, we changed "RECOMMENDS" to "is RECOMMENDED by" (2 > instances), > as "RECOMMENDED" is the defined keyword from BCP 14. This update allows using > the <bcp14> element without warnings. We realize the original text matches > RFC 5019. For example: > > Original: > Clients SHOULD NOT include the requestExtensions structure. If a > > requestExtensions structure is included, this profile RECOMMENDS that > > it contain only the nonce extension (id-pkix-ocsp-nonce). > > > Current: > Clients SHOULD NOT include the requestExtensions structure. If a > > requestExtensions structure is included, it is RECOMMENDED by this > > profile that the structure contain only the nonce extension (id-pkix- > > ocsp-nonce). > --> WFM > 4) <!--[rfced] Is this line within the sourcecode in Section 3.2.1 > intended to be a comment within the sourcecode, or should it be > taken out of the sourcecode? (Note: This line exceeded the 72-character > limit so we included a line break within the sourcecode.) > > Original: > The value for response SHALL be the DER encoding of BasicOCSPResponse. > --> This sentence should be taken out of the source code, so I guess that means there’s two blocks of source code. > 5) <!--[rfced] May we update this sentence as follows to clarify that the > protocol in [RFC5019] is backward compatible, rather than the RFC itself? > > Original: > Older responders which provide backward compatibility with [RFC5019] > MAY use the byName field to represent the ResponderID, but should > transition to using the byKey field as soon as practical. > > Perhaps: > Older responders that provide backward compatibility with the protocol > defined in [RFC5019] MAY use the byName field to represent the ResponderID > but should transition to using the byKey field as soon as practical. > --> Yes > 6) <!--[rfced] We are having some trouble understanding how "server name and > base64-encoded OCSPRequest structure" fits into the sentence below. Please > review and let us know the sentence may be updated for clarity. > > Original: > When sending requests that are less than or > equal to 255 bytes in total (after encoding) including the scheme and > delimiters (http://), server name and base64-encoded OCSPRequest > structure, clients MUST use the GET method (to enable OCSP response > caching). > > Perhaps: > When sending requests that are less than or > equal to 255 bytes in total (after encoding), including the scheme and > delimiters (http://), server name, and base64-encoded OCSPRequest > structure, clients MUST use the GET method (to enable OCSP response > caching). > --> I think that’s right. The 255 bytes needs to include everything that is listed there. > 7) <!--[rfced] Should "productedAt" be "producedAt" (no 't')? > Even though RFC 5019 contains one instance of "productedAt", > it contains seven instances of "producedAt". We note that other > RFCs also use "producedAt" (e.g., RFCs 9654, 6960, 5912). > > Original: > productedAt = March 19, 2023 01:00:00 GMT > > Suggested: > producedAt = March 19, 2023 01:00:00 GMT > --> GREAT CATCH! Definitely needs to be “producedAt”! > 8) <!--[rfced] May this sentence be updated as follows to avoid citing > RFC 9846 twice? > > Original: > This functionality has been specified as an extension to the TLS > [I-D.ietf-tls-rfc8446bis] protocol in Section 4.4.2 of > [I-D.ietf-tls-rfc8446bis], but can be applied to any client-server > protocol. > > Current: > This functionality has been specified as an extension to the TLS > protocol [RFC9846] in Section 4.4.2 of [RFC9846] but can be applied > to any client-server protocol. > > Option A: > This functionality has been specified as an extension to the TLS > protocol in Section 4.4.2 of [RFC9846] but can be applied > to any client-server protocol. > > Option B: > In Section 4.4.2 of [RFC9846], this functionality has been specified > as an extension to the TLS protocol, but it can be applied to any > client-server protocol. > --> I prefer option A. > 9) <!-- [rfced] We were unable to find a document directly matching the > title provided in the original reference. The URL provided goes to the > homepage for the Open Mobile Alliance. We did find the following URL, > which points to the OCSP Mobile Profile: > https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf > > May we update this reference as follows? > > Original: > [OCSPMP] Open Mobile Alliance, "OCSP Mobile Profile V1.0", > www.openmobilealliance.org . > > Perhaps: > [OCSPMP] Open Mobile Alliance, "Online Certificate Status Protocol > Mobile Profile", Candidate Version V1.0, 27 January 2004, > > <https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf>. > --> I will defer to my co-authors on this one. > 10) <!-- [rfced] Please review the "type" attribute of each sourcecode element > in the XML file to ensure correctness. If the current list of preferred > values for "type" > (https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types) > does not contain an applicable type, then feel free to let us know. > Also, it is acceptable to leave the "type" attribute not set. > > In addition, review each artwork element. Specifically, > should any artwork element be tagged as sourcecode or another > element? > --> I will put this on my to do list ;) > 11) <!--[rfced] Should instances of "OCSP protocol" be updated to simply > "OCSP" to avoid redundancy (if expanded, "OCSP protocol" would read > "Online Certificate Status Protocol protocol")? Please review and let us > know if any updates are needed. > > Original: > Future versions of the OCSP protocol may provide a way for the client > to know whether the responder supports nonces or does not support > nonces. > ... > The authors of this version of the document wish to thank Alex Deacon > and Ryan Hurst for their work to produce the original version of the > lightweight profile for the OCSP protocol. > --> Yes please drop the extra “protocol” where appropriate. > 12) <!--[rfced] Abbreviations > > a) Both the expansion and the acronym for the following term are used > throughout the document. Would you like to update to using the expansion upon > first usage and the acronym for the rest of the document? > > certification authority (CA) I am happy with that. > b) We note that "AIA" has been expanded two different ways in the document. > Please review and let us know which version should be used for consistency. > > authorityInfoAccess (AIA) vs. authorityInformationAccess (AIA) > --> So this is a bit weird maybe: s3.2.2: OLD: authorityInfoAccess (AIA) extension nor cRLDistributionPoints (CRLDP) extension NEW: Authority Information Access (AIA) extension nor CRL Distribution Points (CRLDP) extension S4.1: OLD: authorityInfoAccess extension NEW: AIA extension OLD: authorityInformationAccess (AIA) extension cRLDistributionPoints extension NEW: AIA extension CRLDP extension > 13) <!-- [rfced] Please review the "Inclusive Language" portion of the online > Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> > and let us know if any changes are needed. Updates of this nature typically > result in more precise language, which is helpful for readers. > > For example, please consider whether "man-in-the-middle" should be updated. > --> I am fine with changing it to on-path if my co-authors are. spt > Thank you. > > Alanna Paloma and Alice Russo > RFC Production Center > > > On Jan 16, 2026, at 10:45 AM, [email protected] wrote: > > *****IMPORTANT***** > > Updated 2026/01/16 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * [email protected] (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * [email protected], which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > [email protected] will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided XML file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9919.xml > https://www.rfc-editor.org/authors/rfc9919.html > https://www.rfc-editor.org/authors/rfc9919.pdf > https://www.rfc-editor.org/authors/rfc9919.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9919-diff.html > https://www.rfc-editor.org/authors/rfc9919-rfcdiff.html (side by side) > > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9919-xmldiff1.html > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9919 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9919 (draft-ietf-lamps-rfc5019bis-12) > > Title : Updates to Lightweight OCSP Profile for High Volume > Environments > Author(s) : T. Ito, C. Wilson, C. Bonnell, S. Turner > WG Chair(s) : Russ Housley, Tim Hollebeek > Area Director(s) : Deb Cooley, Paul Wouters -- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
