> On Jan 20, 2026, at 14:58, Alanna Paloma <[email protected]> wrote: > > Hi Sean, > > Thank you for your reply. We have updated as requested. > > Please note that we are awaiting for these two queries to be confirmed: > >>> 9) <!-- [rfced] We were unable to find a document directly matching the >>> title provided in the original reference. The URL provided goes to the >>> homepage for the Open Mobile Alliance. We did find the following URL, >>> which points to the OCSP Mobile Profile: >>> https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf >>> >>> May we update this reference as follows? >>> >>> Original: >>> [OCSPMP] Open Mobile Alliance, "OCSP Mobile Profile V1.0", >>> www.openmobilealliance.org . >>> >>> Perhaps: >>> [OCSPMP] Open Mobile Alliance, "Online Certificate Status Protocol >>> Mobile Profile", Candidate Version V1.0, 27 January 2004, >>> <https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf>. >>> --> >> >> I will defer to my co-authors on this one. >> >>> 10) <!-- [rfced] Please review the "type" attribute of each sourcecode >>> element >>> in the XML file to ensure correctness. If the current list of preferred >>> values for "type" >>> (https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types) >>> does not contain an applicable type, then feel free to let us know. >>> Also, it is acceptable to leave the "type" attribute not set. >>> >>> In addition, review each artwork element. Specifically, >>> should any artwork element be tagged as sourcecode or another >>> element? >>> --> >> >> I will put this on my to do list ;)
I was being sooo slow. I pulled the xml and the three ASN.1 code blocks include the correct tag: <sourcecode type="asn.1”> I believe then we are awaiting my co-auhors response on #9! spt > The files have been posted here (please refresh): > https://www.rfc-editor.org/authors/rfc9919.xml > https://www.rfc-editor.org/authors/rfc9919.txt > https://www.rfc-editor.org/authors/rfc9919.html > https://www.rfc-editor.org/authors/rfc9919.pdf > > The relevant diff files have been posted here: > https://www.rfc-editor.org/authors/rfc9919-diff.html (comprehensive diff) > https://www.rfc-editor.org/authors/rfc9919-auth48diff.html (AUTH48 changes) > https://www.rfc-editor.org/authors/rfc9919-auth48rfcdiff.html (AUTH48 changes > side by side) > > Please review the document carefully and contact us with any further updates > you may have. Note that we do not make changes once a document is published > as an RFC. > > We will await approvals from each party listed on the AUTH48 status page > below prior to moving this document forward in the publication process. > > For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9919 > > Thank you, > Alanna Paloma > RFC Production Center > >> On Jan 20, 2026, at 7:39 AM, Sean Turner <[email protected]> wrote: >> >> Hi! >> >>> On Jan 16, 2026, at 13:46, [email protected] wrote: >>> >>> Authors, >>> >>> While reviewing this document during AUTH48, please resolve (as necessary) >>> the following questions, which are also in the source file. >>> >>> 1) <!--[rfced] Please note the title of the document has been updated as >>> follows. Abbreviations have been expanded per Section 3.6 of RFC 7322 >>> ("RFC Style Guide"). Please review. >>> >>> Original: >>> Updates to Lightweight OCSP Profile for High Volume Environments >>> >>> Current: >>> Updates to the Lightweight Online Certificate Status Protocol (OCSP) >>> Profile for High Volume Environments >>> >>> Because this document will obsolete RFC 5019 (rather than update it), we >>> suggest changing the title and abbreviated title as follows. Is this >>> acceptable? >>> >>> Original: >>> Updates to Lightweight OCSP Profile for High Volume Environments >>> >>> Perhaps (same title as RFC 5019): >>> The Lightweight Online Certificate Status Protocol (OCSP) Profile >>> for High-Volume Environments >>> >>> Similarly, may the abbreviated title (which appears in the running header >>> of the PDF) be updated as follows? >>> >>> Original: >>> Lightweight OCSP Profile Update >>> >>> Perhaps: >>> Lightweight OCSP Profile >>> --> >> >> Yes, since we’re obsoleting it there’s no need for the “Updates to” / >> “Update” words. >> >>> 2) <!-- [rfced] Please insert any keywords (beyond those that appear in >>> the title) for use on https://www.rfc-editor.org/search. --> >> >> Revocation >> >>> 3) <!--[rfced] FYI, we changed "RECOMMENDS" to "is RECOMMENDED by" (2 >>> instances), >>> as "RECOMMENDED" is the defined keyword from BCP 14. This update allows >>> using >>> the <bcp14> element without warnings. We realize the original text matches >>> RFC 5019. For example: >>> >>> Original: >>> Clients SHOULD NOT include the requestExtensions structure. If a >>> >>> requestExtensions structure is included, this profile RECOMMENDS that >>> >>> it contain only the nonce extension (id-pkix-ocsp-nonce). >>> >>> >>> Current: >>> Clients SHOULD NOT include the requestExtensions structure. If a >>> >>> requestExtensions structure is included, it is RECOMMENDED by this >>> >>> profile that the structure contain only the nonce extension (id-pkix- >>> >>> ocsp-nonce). >>> --> >> >> WFM >> >>> 4) <!--[rfced] Is this line within the sourcecode in Section 3.2.1 >>> intended to be a comment within the sourcecode, or should it be >>> taken out of the sourcecode? (Note: This line exceeded the 72-character >>> limit so we included a line break within the sourcecode.) >>> >>> Original: >>> The value for response SHALL be the DER encoding of BasicOCSPResponse. >>> --> >> >> This sentence should be taken out of the source code, so I guess that means >> there’s two blocks of source code. >> >>> 5) <!--[rfced] May we update this sentence as follows to clarify that the >>> protocol in [RFC5019] is backward compatible, rather than the RFC itself? >>> >>> Original: >>> Older responders which provide backward compatibility with [RFC5019] >>> MAY use the byName field to represent the ResponderID, but should >>> transition to using the byKey field as soon as practical. >>> >>> Perhaps: >>> Older responders that provide backward compatibility with the protocol >>> defined in [RFC5019] MAY use the byName field to represent the ResponderID >>> but should transition to using the byKey field as soon as practical. >>> --> >> >> Yes >> >>> 6) <!--[rfced] We are having some trouble understanding how "server name and >>> base64-encoded OCSPRequest structure" fits into the sentence below. Please >>> review and let us know the sentence may be updated for clarity. >>> >>> Original: >>> When sending requests that are less than or >>> equal to 255 bytes in total (after encoding) including the scheme and >>> delimiters (http://), server name and base64-encoded OCSPRequest >>> structure, clients MUST use the GET method (to enable OCSP response >>> caching). >>> >>> Perhaps: >>> When sending requests that are less than or >>> equal to 255 bytes in total (after encoding), including the scheme and >>> delimiters (http://), server name, and base64-encoded OCSPRequest >>> structure, clients MUST use the GET method (to enable OCSP response >>> caching). >>> --> >> >> I think that’s right. The 255 bytes needs to include everything that is >> listed there. >> >>> 7) <!--[rfced] Should "productedAt" be "producedAt" (no 't')? >>> Even though RFC 5019 contains one instance of "productedAt", >>> it contains seven instances of "producedAt". We note that other >>> RFCs also use "producedAt" (e.g., RFCs 9654, 6960, 5912). >>> >>> Original: >>> productedAt = March 19, 2023 01:00:00 GMT >>> >>> Suggested: >>> producedAt = March 19, 2023 01:00:00 GMT >>> --> >> >> GREAT CATCH! >> >> Definitely needs to be “producedAt”! >> >>> 8) <!--[rfced] May this sentence be updated as follows to avoid citing >>> RFC 9846 twice? >>> >>> Original: >>> This functionality has been specified as an extension to the TLS >>> [I-D.ietf-tls-rfc8446bis] protocol in Section 4.4.2 of >>> [I-D.ietf-tls-rfc8446bis], but can be applied to any client-server >>> protocol. >>> >>> Current: >>> This functionality has been specified as an extension to the TLS >>> protocol [RFC9846] in Section 4.4.2 of [RFC9846] but can be applied >>> to any client-server protocol. >>> >>> Option A: >>> This functionality has been specified as an extension to the TLS >>> protocol in Section 4.4.2 of [RFC9846] but can be applied >>> to any client-server protocol. >>> >>> Option B: >>> In Section 4.4.2 of [RFC9846], this functionality has been specified >>> as an extension to the TLS protocol, but it can be applied to any >>> client-server protocol. >>> --> >> >> I prefer option A. >> >>> 9) <!-- [rfced] We were unable to find a document directly matching the >>> title provided in the original reference. The URL provided goes to the >>> homepage for the Open Mobile Alliance. We did find the following URL, >>> which points to the OCSP Mobile Profile: >>> https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf >>> >>> May we update this reference as follows? >>> >>> Original: >>> [OCSPMP] Open Mobile Alliance, "OCSP Mobile Profile V1.0", >>> www.openmobilealliance.org . >>> >>> Perhaps: >>> [OCSPMP] Open Mobile Alliance, "Online Certificate Status Protocol >>> Mobile Profile", Candidate Version V1.0, 27 January 2004, >>> <https://www.openmobilealliance.org/release/OCSP/V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pdf>. >>> --> >> >> I will defer to my co-authors on this one. >> >>> 10) <!-- [rfced] Please review the "type" attribute of each sourcecode >>> element >>> in the XML file to ensure correctness. If the current list of preferred >>> values for "type" >>> (https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types) >>> does not contain an applicable type, then feel free to let us know. >>> Also, it is acceptable to leave the "type" attribute not set. >>> >>> In addition, review each artwork element. Specifically, >>> should any artwork element be tagged as sourcecode or another >>> element? >>> --> >> >> I will put this on my to do list ;) >> >>> 11) <!--[rfced] Should instances of "OCSP protocol" be updated to simply >>> "OCSP" to avoid redundancy (if expanded, "OCSP protocol" would read >>> "Online Certificate Status Protocol protocol")? Please review and let us >>> know if any updates are needed. >>> >>> Original: >>> Future versions of the OCSP protocol may provide a way for the client >>> to know whether the responder supports nonces or does not support >>> nonces. >>> ... >>> The authors of this version of the document wish to thank Alex Deacon >>> and Ryan Hurst for their work to produce the original version of the >>> lightweight profile for the OCSP protocol. >>> --> >> >> Yes please drop the extra “protocol” where appropriate. >> >>> 12) <!--[rfced] Abbreviations >>> >>> a) Both the expansion and the acronym for the following term are used >>> throughout the document. Would you like to update to using the expansion >>> upon >>> first usage and the acronym for the rest of the document? >>> >>> certification authority (CA) >> >> I am happy with that. >> >>> b) We note that "AIA" has been expanded two different ways in the document. >>> Please review and let us know which version should be used for consistency. >>> >>> authorityInfoAccess (AIA) vs. authorityInformationAccess (AIA) >>> --> >> >> So this is a bit weird maybe: >> >> s3.2.2: >> >> OLD: >> >> authorityInfoAccess >> (AIA) extension nor cRLDistributionPoints (CRLDP) extension >> >> NEW: >> >> Authority Information Access >> (AIA) extension nor CRL Distribution Points (CRLDP) extension >> >> S4.1: >> >> OLD: >> >> authorityInfoAccess extension >> >> NEW: >> >> AIA extension >> >> OLD: >> >> authorityInformationAccess (AIA) extension >> cRLDistributionPoints extension >> >> NEW: >> >> AIA extension >> CRLDP extension >> >> >>> 13) <!-- [rfced] Please review the "Inclusive Language" portion of the >>> online >>> Style Guide >>> <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> >>> and let us know if any changes are needed. Updates of this nature typically >>> result in more precise language, which is helpful for readers. >>> >>> For example, please consider whether "man-in-the-middle" should be updated. >>> --> >> >> I am fine with changing it to on-path if my co-authors are. >> >> spt >> >>> Thank you. >>> >>> Alanna Paloma and Alice Russo >>> RFC Production Center >>> >>> >>> On Jan 16, 2026, at 10:45 AM, [email protected] wrote: >>> >>> *****IMPORTANT***** >>> >>> Updated 2026/01/16 >>> >>> RFC Author(s): >>> -------------- >>> >>> Instructions for Completing AUTH48 >>> >>> Your document has now entered AUTH48. Once it has been reviewed and >>> approved by you and all coauthors, it will be published as an RFC. >>> If an author is no longer available, there are several remedies >>> available as listed in the FAQ (https://www.rfc-editor.org/faq/). >>> >>> You and you coauthors are responsible for engaging other parties >>> (e.g., Contributors or Working Group) as necessary before providing >>> your approval. >>> >>> Planning your review >>> --------------------- >>> >>> Please review the following aspects of your document: >>> >>> * RFC Editor questions >>> >>> Please review and resolve any questions raised by the RFC Editor >>> that have been included in the XML file as comments marked as >>> follows: >>> >>> <!-- [rfced] ... --> >>> >>> These questions will also be sent in a subsequent email. >>> >>> * Changes submitted by coauthors >>> >>> Please ensure that you review any changes submitted by your >>> coauthors. We assume that if you do not speak up that you >>> agree to changes submitted by your coauthors. >>> >>> * Content >>> >>> Please review the full content of the document, as this cannot >>> change once the RFC is published. Please pay particular attention to: >>> - IANA considerations updates (if applicable) >>> - contact information >>> - references >>> >>> * Copyright notices and legends >>> >>> Please review the copyright notice and legends as defined in >>> RFC 5378 and the Trust Legal Provisions >>> (TLP – https://trustee.ietf.org/license-info). >>> >>> * Semantic markup >>> >>> Please review the markup in the XML file to ensure that elements of >>> content are correctly tagged. For example, ensure that <sourcecode> >>> and <artwork> are set correctly. See details at >>> <https://authors.ietf.org/rfcxml-vocabulary>. >>> >>> * Formatted output >>> >>> Please review the PDF, HTML, and TXT files to ensure that the >>> formatted output, as generated from the markup in the XML file, is >>> reasonable. Please note that the TXT will have formatting >>> limitations compared to the PDF and HTML. >>> >>> >>> Submitting changes >>> ------------------ >>> >>> To submit changes, please reply to this email using ‘REPLY ALL’ as all >>> the parties CCed on this message need to see your changes. The parties >>> include: >>> >>> * your coauthors >>> >>> * [email protected] (the RPC team) >>> >>> * other document participants, depending on the stream (e.g., >>> IETF Stream participants are your working group chairs, the >>> responsible ADs, and the document shepherd). >>> >>> * [email protected], which is a new archival mailing list >>> to preserve AUTH48 conversations; it is not an active discussion >>> list: >>> >>> * More info: >>> >>> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >>> >>> * The archive itself: >>> https://mailarchive.ietf.org/arch/browse/auth48archive/ >>> >>> * Note: If only absolutely necessary, you may temporarily opt out >>> of the archiving of messages (e.g., to discuss a sensitive matter). >>> If needed, please add a note at the top of the message that you >>> have dropped the address. When the discussion is concluded, >>> [email protected] will be re-added to the CC list and >>> its addition will be noted at the top of the message. >>> >>> You may submit your changes in one of two ways: >>> >>> An update to the provided XML file >>> — OR — >>> An explicit list of changes in this format >>> >>> Section # (or indicate Global) >>> >>> OLD: >>> old text >>> >>> NEW: >>> new text >>> >>> You do not need to reply with both an updated XML file and an explicit >>> list of changes, as either form is sufficient. >>> >>> We will ask a stream manager to review and approve any changes that seem >>> beyond editorial in nature, e.g., addition of new text, deletion of text, >>> and technical changes. Information about stream managers can be found in >>> the FAQ. Editorial changes do not require approval from a stream manager. >>> >>> >>> Approving for publication >>> -------------------------- >>> >>> To approve your RFC for publication, please reply to this email stating >>> that you approve this RFC for publication. Please use ‘REPLY ALL’, >>> as all the parties CCed on this message need to see your approval. >>> >>> >>> Files >>> ----- >>> >>> The files are available here: >>> https://www.rfc-editor.org/authors/rfc9919.xml >>> https://www.rfc-editor.org/authors/rfc9919.html >>> https://www.rfc-editor.org/authors/rfc9919.pdf >>> https://www.rfc-editor.org/authors/rfc9919.txt >>> >>> Diff file of the text: >>> https://www.rfc-editor.org/authors/rfc9919-diff.html >>> https://www.rfc-editor.org/authors/rfc9919-rfcdiff.html (side by side) >>> >>> Diff of the XML: >>> https://www.rfc-editor.org/authors/rfc9919-xmldiff1.html >>> >>> >>> Tracking progress >>> ----------------- >>> >>> The details of the AUTH48 status of your document are here: >>> https://www.rfc-editor.org/auth48/rfc9919 >>> >>> Please let us know if you have any questions. >>> >>> Thank you for your cooperation, >>> >>> RFC Editor >>> >>> -------------------------------------- >>> RFC9919 (draft-ietf-lamps-rfc5019bis-12) >>> >>> Title : Updates to Lightweight OCSP Profile for High Volume >>> Environments >>> Author(s) : T. Ito, C. Wilson, C. Bonnell, S. Turner >>> WG Chair(s) : Russ Housley, Tim Hollebeek >>> Area Director(s) : Deb Cooley, Paul Wouters >> >
-- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
