Re: [TLS] comments on draft-ietf-tls-tls13-19

2017-04-23 Thread Geoffrey Keating
Ilari Liusvaara writes:
> > On Fri, Apr 21, 2017 at 10:52 AM, Nikos Mavrogiannopoulos
> > wrote:
> >
> > > My issue with OCSP when used under TLS was how to determine the
> > > validity of the response when the nextUpdate field is missing. I've
> > >

Re: [TLS] comments on draft-ietf-tls-tls13-19

2017-04-23 Thread Kurt Roeckx
On Sun, Apr 23, 2017 at 12:01:08PM -0400, Ryan Sleevi wrote:
> > And the 12 month update interval for intermediates is IMO just crazy,
> > and won't work properly in TLS 1.3, now that multistaple is pretty much
> > a baseline feature.
> >
>
> I have no desire to support multistaple within Chrome.

Re: [TLS] comments on draft-ietf-tls-tls13-19

2017-04-23 Thread Ilari Liusvaara
On Sun, Apr 23, 2017 at 12:01:08PM -0400, Ryan Sleevi wrote:
> On Sun, Apr 23, 2017 at 6:34 AM, Ilari Liusvaara
> wrote:
>
> > And the 12 month update interval for intermediates is IMO just crazy,
> > and won't work properly in TLS 1.3, now that multistaple is pretty

Re: [TLS] comments on draft-ietf-tls-tls13-19

2017-04-23 Thread Ryan Sleevi
On Sun, Apr 23, 2017 at 6:34 AM, Ilari Liusvaara wrote:
>
> I meant if anyone has seen a OCSP response from "public" CA lately that
> lacks NextUpdate.
>
Why would it matter? Are you suggesting we determine what should be part of TLS based on what CAs are doing? That's

Re: [TLS] comments on draft-ietf-tls-tls13-19

2017-04-23 Thread Ilari Liusvaara
On Sat, Apr 22, 2017 at 11:42:06PM +0200, Kurt Roeckx wrote:
> On Sat, Apr 22, 2017 at 03:00:17PM +0300, Ilari Liusvaara wrote:
> > On Sat, Apr 22, 2017 at 07:53:50AM -0400, Eric Rescorla wrote:
> > > On Fri, Apr 21, 2017 at 10:52 AM, Nikos Mavrogiannopoulos
> > >
> > > wrote:
>