
Re: Last Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC

2009-06-05 19:10:14
At 12:39 PM -0400 6/5/09, Sean Turner wrote:
> #1 Non-repudiation bit
>
> During the development of other profiles where the NR bit wasn't set, sometime
> after the profile gets developed I've usually gotten questions like "so you're
> not setting N-R can I use it for non-repudiation services?"  To answer this
> question, I sometimes put text in that said yes you can (below).  Maybe we
> should add something like this maybe in the security considerations?
>
> Note that setting keyCertSign, cRLSign, and digitalSignature also means
> that the certificate could be used by applications that require
> non-repudiation services for certificate, CRL, and content signing,
> respectively.

I disagree that this needs to be added, and I certainly don't think this
qualifies as a security consideration. The draft already says (three times...)
that the nonRepudiation bit MAY be set.

> #5 Question: 4.2 Conversion Routine
>
> Aren't the conversion routines in SEC1 and ANSI X9.62 the same?  5480
> pointed to SEC1 because it was more readily available (online and free
> versus online and not free for ANSI).  Curious why you chose to point to
> 3279 and not 5480?  2.3.5 of 3279 points to 4.3.3 and 4.3.6 of ANSI
> X9.62.  2.2 of 5480 points to 2.3.1 and 2.3.2 of SEC1G. If we don't
> point to 3279 here and the next one, you could delete it as a reference.


That's a good question. It is good for us to point to free and easily-retrieved 
documents when possible.

--Paul Hoffman, Director
--VPN Consortium