Re: Last Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Suresh,

Responses inline.  I deleted the ones we've agreed on.

spt

Suresh Krishnan wrote:

3) Technically your IANA considerations is wrong because you need to get OIDs. Might I suggest something like:

   This document makes use of object identifiers to identify a Extended
   Key Usages (EKUs) and the ASN.1 module found in Appendix *TBD*.  The
   EKUs and ASN.1 module OID are registered in an arc delegated by IANA
   to the PKIX Working Group.  No further action by IANA is necessary for
   this document or any anticipated updates.

Given 2) is it OK to leave this section as it is?

It's up to you whether you want to keep the text as is.

4.c) Was there discussion about support for the anyExtendedKeyUsage OID from 4.2.1.12 of RFC 5280?

No. I am not sure it would be useful as the SEND implementations really need to know the EKU to work properly. The packet processing is based on the value of the EKU.

Hmmm if you're not going to support it, then you might want to put some text in about it not being allowed. 5280 allows applications to reject certificates that include this extension.

5) draft-ietf-sidr-res-certs-17 is expired.

We need to normatively reference this draft. So I guess we will get stuck in the RFC-Ed Queue waiting for this.

Yep.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]