On Mar 28, 2015, at 17:19, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote: > On Fri, Mar 27, 2015 at 11:50:44PM -0500, Massimiliano Pala wrote: > >> I do not really feel >> comfortable adopting OIDs that are under the control of a single >> organization. Would this be a first case ? > > I don't see any possibility of "control" of a leaf OID once it is > assigned. > > All that organizations control s the issuing of new OIDS under > particular prefixes, and their prerogative is basically limited to > avoiding collisions with other people assigning OIDs under their > respective prefixes. Once you publish an OID as fit for a particular > purpose, you cannot take it back. > > So I see no risk here. MIT's and Microsoft's OIDS are used in > Kerberos, for example. This has not and cannot cause any problems. I’m with Victor and don’t see the issue. We’ve got standards track RFCs with OIDs from NIST, Certicom, RSA, and “infosec” and those are just the ones I can come up with off the top of head. spt