Russ Housley wrote: > > >2) If this was published in a more academic environment, it would be > >proper (and required) to cite related work, tracing the source of > >ideas that were not entirely new. We don't usually have extensive > >citations in RFCs, but in this context, perhaps it would be > >appropriate to mention the previous proposal for sending ACs in TLS > >(draft-ietf-tls-attr-cert from 1998) in the Acknowledgements section. > > This takes a very different approach. Stephen and I co-authored RFC > 3281, which is referenced. I do not think that Stephen's ideas about > integrating Attribute Certificates into TLS had any impact on the > design in the current document. Well, while draft-ietf-tls-attr-cert certainly contains a lot of stuff that isn't in draft-housley-tls-authz-extns (such as AC acquisition, hints about what ACs the client should consider presenting, etc.), there's some overlap as well. For example, a very basic case where the client presents an AC containing a role or security clearance to the server, and the server uses this to determine what the client is authorized to access, is explicitly mentioned in both documents, and would work almost identically. Best regards, Pasi _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf