On 6/8/19 3:29 PM, Russ Housley via Datatracker wrote:
In Section 3.2, I think that [SHA] should be an informative reference. If a normative reference for SHA-256 is needed, please cite FIPS 180.
Russ -- can you explain this suggestion further? RFC 6234 has been in the downref registry [1] since 2013, and is frequently referenced normatively by Standards-Track RFCs. Is there something special about the UKS document that makes this common practice inappropriate for it? To be clear, I specifically considered this reference when processing the UKS document, and believe the second paragraph of section 3 of RFC 3967 to be applicable.
/a ____ [1] https://datatracker.ietf.org/doc/downref/
