Online Certificate Status Protocol Algorithm Agility
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, pkix mailing list <firstname.lastname@example.org>, pkix chair <email@example.com> Subject: Protocol Action: 'Online Certificate Status Protocol Algorithm Agility' to Proposed Standard (draft-ietf-pkix-ocspagility-10.txt) The IESG has approved the following document: - 'Online Certificate Status Protocol Algorithm Agility' (draft-ietf-pkix-ocspagility-10.txt) as a Proposed Standard This document is the product of the Public-Key Infrastructure (X.509) Working Group. The IESG contact persons are Tim Polk and Sean Turner. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-pkix-ocspagility/
Technical Summary The Online Certificate Status protocol (OCSP), RFC 2560 is a core PKIX query response protocol for obtaining certificate status information. The OSCP specification requires server responses to be signed but does not specify a mechanism for selecting the signature algorithm to be used leading to possible interoperability failures in contexts where multiple signature algorithms are in use. This document specifies an algorithm for server signature algorithm selection and an extension that allows a client to advise a server that specific signature algorithms are supported. Work Group Summary The first draft was submitted about a year ago but did not gain momentum as the author changed employment. A second author was assigned in July to speed up the process. The WG discussions focused mainly on the algorithm selection algorithm, mandatory to implement algorithms and how to specify algorithms. The discussions were productive but non-controversial. Document Quality The document is brief and clearly written. Personnel Steve Kent is the Document Shepherd. Tim Polk is the Responsible Area Director.