
Re: [pkix] Last Call: <draft-ietf-pkix-rfc2560bis-15.txt> (X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP) to Proposed Standard

2013-03-26 09:07:31
"Martin" == Martin Rex <mrex(_at_)sap(_dot_)com> writes:



    Martin> Oh, here is a message from the Security AD back then (Sam
    Martin> Hartman), commenting on requirements for rfc2560bis (the I-D
    Martin> under last call right now!):

    Martin>   http://www.ietf.org/mail-archive/web/pkix/current/msg03515.html

To be clear, I didn't comment on which error codes were overloaded to do
what.  My point was simply that there needs to be a minimal set of
client behavior that is guaranteed to work (if permitted by responder
policy) with any responder.  That's the level of interoperability we
generally require from our specs.

It sounds like Martin would like to be able to distinguish three client
behaviors:

1) Use less of the spec and send me a simpler request

2) I can't help you with this particular request

3) Please go away and never come back

That's a fine desire.  In my opinion, it's also fine for us to decide
for interoperability, simplicity or other reasons that we're combining
all that into one error and clients don't get to make this distinction.
