Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
Joseph Salowey wrote: > On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson > wrote: >> >> Joseph Salowey wrote: >> >> I suggest: >> >> >> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate >> >> revocation checks, MUST implement Certificate

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Joseph Salowey
On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson wrote: > > Joseph Salowey wrote: > >> I suggest: > >> > >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate > >> revocation checks, MUST implement Certificate Status Requests > using OCSP > >> stapling as

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
Joseph Salowey wrote: >> I suggest: >> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate >> revocation checks, MUST implement Certificate Status Requests using OCSP >> stapling as specified in Section 4.4.2.1 of [RFC8446]. > [Joe] Thanks Michael, I

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Joseph Salowey
On Thu, Oct 29, 2020 at 3:12 PM Michael Richardson wrote: > > Joseph Salowey wrote: > > 2. Require Servers to Implement and Recommended to Use OCSP with text > > similar to the following: > > I don't think that this text is quite right. > > I note that "RECOMMENDED" is a synonym for SHOU

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Michael Richardson
Joseph Salowey wrote: > 2. Require Servers to Implement and Recommended to Use OCSP with text > similar to the following: I don't think that this text is quite right. I note that "RECOMMENDED" is a synonym for SHOULD, and usually we ask documents to explain what a reasonable exception m

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Joseph Salowey
> > *From: *Emu on behalf of Eliot Lear 40cisco@dmarc.ietf.org> > *Date: *Thursday, October 29, 2020 at 10:53 AM > *To: *Joseph Salowey > *Cc: *EMU WG > *Subject: *Re: [Emu] Consensus Call on OCSP usage in > draft-ietf-emu-eap-tls13-11 > > > > Hi Joe

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Tim Cappalli
+1 From: Emu Date: Thursday, October 29, 2020 at 14:10 To: Eliot Lear Cc: Max Pala , EMU WG Subject: Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11 +1 > On Oct 29, 2020, at 1:37 PM, Eliot Lear > wrote: > > Hi Max > >> On 29 Oct 2020, at 1

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Alan DeKok
>> > > Worth more. > > Eliot > >> Cheers, >> Max >> >> From: Emu on behalf of Eliot Lear >> >> Date: Thursday, October 29, 2020 at 10:53 AM >> To: Joseph Salowey >> Cc: EMU WG >> Subject: Re: [Emu] Consensus Call on O

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Eliot Lear
lear=40cisco@dmarc.ietf.org>> > Date: Thursday, October 29, 2020 at 10:53 AM > To: Joseph Salowey mailto:j...@salowey.net>> > Cc: EMU WG mailto:emu@ietf.org>> > Subject: Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11 > > Hi Joe, >

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Max Pala
: Thursday, October 29, 2020 at 10:53 AM To: Joseph Salowey Cc: EMU WG Subject: Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11 Hi Joe, My suggestion is that we add some discussion about what to do in the case of no connectivity to the CA. This will be a not-uncommon

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Eliot Lear
Hi Joe, My suggestion is that we add some discussion about what to do in the case of no connectivity to the CA. This will be a not-uncommon occurrence, IMHO, in industrial use cases. Eliot > On 29 Oct 2020, at 17:23, Joseph Salowey > wrote: > > An issue was raised i

[Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Joseph Salowey
An issue was raised in a review of draft-ietf-emu-eap-tls13-11 on the mandatory requirement for OCSP stapling [1]. The document makes the use of OCSP mandatory in section 5.4 [2]. Several folks have pointed out that this may not be feasible in all deployments. This is a quick consensus call for