Folks,

I've just reviewed the IETF LC for this draft. Thanks all for the comments and discussion which I think have thrown up some real issues.

As of now, it is not clear to me that we have finished the work with this one, at least the issues to do with name constraints seem to me to call for some more WG consideration. I think Russ (as lamps WG chair) has a similar opinion that we're not done yet.

That said, I had put this on the March 16th IESG telechat for consideration. If we do manage to reach a clear enough consensus on a published revision to the draft in say the next week then that schedule should still be fine. So I'd encourage the authors and others who've commented to try again and see if, in that timeframe, we can get to where we're happy that the issues raised have been handled well enough.

But, if it looks (as it does to me today) as if this'll take a bit longer to figure out, then I figure the right thing to do will be to let the lamps WG figure out how to proceed. (And that'll mean that my successor as the responsible AD for the lamps WG will handle further actions with the doc.)

Bottom line: if this isn't settled in the next week or so, I'll take it off the March 16th IESG telechat and let the WG continue the discussion.

Cheers,
S.

PS: To add to the name constraints discussion, I did wonder if anyone really wants to use those. So for example, if we defined the new name form so that certificate chains with any name constraints at all and one of those names anywhere are always treated as invalid, then would that cause any real breakage? (It certainly would cause theoretical breakage, but if that's all then I'd be ok with that:-)