On 29/04/14 23:02, Wayne Thayer wrote: > In the context of revocation, I have a different concept of the terms > “soft fail” and “hard fail” than what you describe below. I think of > soft fail as a scenario where a browser checks OCSP, does not receive a > response, and proceeds as if it had received a “good” response without > any indication to the user. > > Also, I think of revocation “hard fail” as the scenario you describe > below as “soft fail” where the browser presents a blocking error that > the user can then choose to bypass.
...or does not allow a bypass. Both are "hard fail" - the term does not distinguish. As Wayne says, certainly in discussions of revocation, hard-vs-soft fail is a very limited question of the behaviour of the browser when it does not receive a response of any kind from the OCSP server. In soft fail, it shows the site anyway. In hard fail, it does not. I would advise not carrying this terminology over to other areas. It's not very precise in other contexts. Gerv _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
