Re: rfc5081bis
From: Nikos Mavrogiannopoulos
Subject: Re: rfc5081bis
Date: Sun, 06 Dec 2009 00:07:40 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090817)
Andrew McDonald wrote:
> Do you know why the original RFC5081 was published as experimental
> rather than standards track?
> Are there independent interoperating implementations that could be used
> as an indication that "RFC5081 had some issues, but is basically good
> enough for standards track"? Otherwise reissue at experimental might be
> the most appropriate route.
Hello Andrew,
Indeed, if that was the product of the TLS WG then experimental could be
the status. However, this was an individual submission of a description
of an existing protocol, thus I believe informational was the appropriate
status.
> I didn't spot any mails that indicated that you've tried to initiate
> any discussion on the TLS WG - that would be the obvious starting
> point - "Here's a draft. It fixes these flaws in RFC5081. Any support
> for taking up as a wg draft to update RFC5081?"
When I first published the rfc5081bis update the chair notified me that I
should submit it independently since there was not much interest from
the WG. I also felt the same and continued with the independent submission.
> I've only skimmed the draft - mainly the "Changes from RFC5081"
> section. The immediately obvious concern is the "major and
> incompatible" changes statement (though what happens if an RFC5081bis
> endpoint tries to talk to an RFC5081 endpoint is not entirely clear to
> me). Is there a way to make it compatible? (Even if it involves
> defining a new certificate type?)
The two protocols are incompatible. Compatibility should be possible but
I saw no reason to keep it back then since gnutls is still the only
implementation.
best regards,
Nikos