[Last-Call] Secdir last call review of draft-ietf-lamps-cert-binding-for-multi-auth-05

Reviewer: Scott Kelly
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

The summary of the review is ready.

This review is more than a month late, so I hope it is still useful.

From the abstract: This document defines a new CSR attribute,
relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate.
The use of the relatedCertRequest attribute in a CSR and the inclusion of the
RelatedCertificate extension in the resulting certificate together provide
additional assurance that two certificates each belong to the same end entity.
The document describes an example use case illustrating migration from a classic
cert to a PQ certificate.

The security considerations section calls out the security considerations of
RFC 5280, and also discusses the potential for downgrade attacks and risks
relating to retrieval of the related cert. I see no additional security
considerations, and think the document is ready from a security perspective.

