Stefan Santesson wrote:
> On 3/26/13 12:13 PM, "Martin Rex" <mrex@xxxxxxx> wrote:
>
> >Adding 3 more OCSPResponseStatus error codes { no_authoritative_data(7),
> >single_requests_only(8), unsupported_extension(8) } with well-defined and
> >conflict-free semantics to the existing enum would be perfectly backwards
> >compatible.
>
> Of course it is backwards compatible with the standard, but not with the
> installed base.
>
> What would happen to the installed base of clients if OCSP responders
> would change from current "unauthorized" to one of your new error codes?

As it was already mentioned here:

  http://www.ietf.org/mail-archive/web/pkix/current/msg04489.html

I would no longer get a popup from my OCSP client that tells me that
I'm unauthorized to submit OCSPRequests to that server, and that the
server has been moved to a blacklist, and that I will have to manually
enable this server after obtaining proper authorization before my client
will send any further requests to that OCSP server.

No longer being interactively bothered about this error seems like
a very valuable improvement!

-Martin