On Thu, Aug 15, 2013 at 9:19 PM, Yaron Sheffer <yaronf.ietf@xxxxxxxxx> wrote:
> Hi Paul,
>
> I am quite sure that I fully understand the semantics of "critical" (probably erroneously), so I'm not the right person to clarify the various meanings of the word. I would appreciate a proposal.
>
> Just for the record, my "critical" means: the reader must be able to process the data item according to its specification, not just syntactically but also semantically, and must fail otherwise. There may still be contained non-critical data items that are NOT understood by the reader.
>
> Sec. 2.4 consistently mentions "tag" in the singular. For example, the first sentence could be "a data item can optionally be preceded by one or more tags" - but it isn't.
+1
The semantics of critical have never been ambiguous. The problem has been that some people have been misled into thinking 'critical' means 'important'. So we have certain PKIX extensions where the specification says that they MUST be marked critical even though marking them critical is stupid.
Marking an extension critical in a PKIX certificate means 'if you do not understand this extension you cannot understand the semantics of the certificate and so you MUST NOT rely on it'.
As such, this is an essential feature to have available if you have a certificate that depends on some novel revocation mechanism. But it is something that should only be used if the semantics are so important that breaking backwards compatibility is desirable.
It is an essential semantic but I don't believe that semantics belong in the encoding layer. The bit can only be processed at the application layer so the encoding layer should not be dealing with it. Consider the situation where you have one application moving bits for another. I might send along a piece of data that has a critical bit set but it is presented in a context where the piece of data is optional.
And it need not be a bit. The Critical bit in SAML is actually the <Conditions/> element. It was necessary to disguise it as I knew that having a criticality bit would lead to a lot of unproductive arguing and possibly the same sort of misuse as in PKIX. Calling it Conditions was a twofer.
Website: http://hallambaker.com/
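
The criticality rule discussed in this message, with the decision kept in the relying application rather than in the decoder, as an added example that is not part of the original message. The `Extension` type, the function names and the sample data are assumptions made for illustration; the `2.999.x` OIDs are constructed values from the example OID arc.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Extension:
    oid: str        # extension identifier
    critical: bool  # flag carried by the encoding, not interpreted by it
    value: bytes

class UnknownCriticalExtension(Exception):
    """Raised when the relying party must not rely on the certificate."""

# Constructed sample: two standard PKIX extensions plus two hypothetical ones.
SAMPLE = [
    ("2.5.29.19", True, b"basicConstraints"),
    ("2.5.29.15", True, b"keyUsage"),
    ("2.999.1", True, b"novel-revocation-mechanism"),  # constructed, critical
    ("2.999.2", False, b"display-hint"),               # constructed, non-critical
]
LEGACY_CLIENT = {"2.5.29.19", "2.5.29.15"}
UPDATED_CLIENT = LEGACY_CLIENT | {"2.999.1"}

def decode(raw):
    """Encoding layer: build objects and carry the flag along without acting on it."""
    return [Extension(oid, critical, value) for oid, critical, value in raw]

def relay(extensions):
    """An application moving data for another one: forwards every item untouched,
    critical or not, because it is not the party relying on the semantics."""
    return list(extensions)

def rely_on(extensions, understood):
    """Relying application: fail if any critical extension is not understood,
    skip unknown non-critical ones, and return the extensions to process."""
    unknown = [e.oid for e in extensions if e.critical and e.oid not in understood]
    if unknown:
        raise UnknownCriticalExtension(", ".join(unknown))
    return [e for e in extensions if e.oid in understood]

if __name__ == "__main__":
    exts = relay(decode(SAMPLE))
    print([e.oid for e in rely_on(exts, UPDATED_CLIENT)])
    try:
        rely_on(exts, LEGACY_CLIENT)
    except UnknownCriticalExtension as err:
        print("legacy client must not rely on this certificate:", err)
```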