The IESG has approved the following document: - 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ' <draft-ietf-pkix-rfc3280bis-11.txt> as a Proposed Standard This document is the product of the Public-Key Infrastructure (X.509) Working Group. The IESG contact persons are Sam Hartman and Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-11.txt Technical Summary This document is a replacement for RFC 3280, the standard that profiles X.509 certificate and CRL syntax for use in the IETF. RFC 3280 needed to be updated to track IETF support for internationalized names, to correct errors that have been discovered since the publication of 3280 five years ago. As part of the update, the specification of the AIA certificate extension (an IETF "private" extension) was incorporated into the document, instead of being a standalone RFC. (4325). The document also updates the reference to the list of supported algorithms used with certificates. The authors made a minor modification to the text to make clear that hash algorithms other than SHA-1 can be used in certain places, consistent with Security Area policy to make all of our standards independent of specific hash algorithms. The security considerations section was expanded, to cal attention to more subtle (DoS) concerns that may arise in some contexts. Despite the numerous tweaks and fixes, most of the text in this document is unchanged form 3280. The end of the introduction section of this document clearly summarizes the differences between it and RFC 3280. Working Group Summary The working group had consensus to advance this specification as a proposed standard. Protocol Quality This specification was reviewed for the IESG by Sam Hartman. _______________________________________________ IETF-Announce@ietf.org http://www.ietf.org/mailman/listinfo/ietf-announce
