Steve, Two things: (1) Given the variable amount of time it takes to get RFCs issued/ published after IESG signoff, are you and the WG sure that you want to tie the phases of the phase-in procedure to RFC publication? (2) There is an incomplete sentence at the end of (2): "This allows CAs to issue certificates under" (more context below). john --On Friday, April 15, 2011 14:45 -0400 Stephen Kent <kent@xxxxxxx> wrote: > 2- During phase 2 CAs MUST issue certificates under the new > profile, and these certificates MUST co-exist with > certificates issued under the old format. (CAs will continue > to issue certificates under the old OID/format as well.) The > old and new certificates MUST be identical, except for the > policy OID and any new extensions, encodings, etc. Relying > parties MAY make use of the old or the new certificate formats > when processing signed objects retrieved from the RPKI > repository system. During this phase, a relying party that > elects to process both formats will acquire the same values > for all certificate fields that overlap between the old and > new formats. Thus if either certificate format is verifiable, > the relying party accepts the data from that certificate. This > allows CAs to issue certificates under > > 3- At the beginning of phase 3, all relying parties MUST be > capable of processing certificates under the new format. >... _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf