On 17/11/2010, at 1:39 AM, Roque Gagliano wrote:

> As I listened to the recorded version of the session in Beijing, looks like
> there is some level of consensus that it may be a good idea to add an additional
> "error_response" code value for "algorithm suite not supported".

I did not hear that as a clear consensus, and in my discussions with others who are familiar with this protocol, I tended to the opinion that there was adequate information already in the provisioning protocol to support multiple algorithms via classes.

> I believe that will help the algorithm migration process as we can write the
> exact process in the draft.

I am of the opinion that the protocol already has sufficient knobs to support an environment of algorithm transition without further augmentation. The existing protocol supports:

- multiple algorithms are implemented as multiple classes
- algorithms for each class are identified in the certificate provided by the server in the response to a LIST command
- the server performs a proof of possession text using the algorithm associated with the class that was nominated in the certificate request.

Geoff
