Suresh,
Responses inline. I deleted the ones we've agreed on.
spt
Suresh Krishnan wrote:
3) Technically your IANA considerations is wrong because you need to
get OIDs. Might I suggest something like:
This document makes use of object identifiers to identify a Extended
Key Usages (EKUs) and the ASN.1 module found in Appendix *TBD*. The
EKUs and ASN.1 module OID are registered in an arc delegated by IANA
to the PKIX Working Group. No further action by IANA is necessary for
this document or any anticipated updates.
Given 2) is it OK to leave this section as it is?
It's up to you whether you want to keep the text as is.
4.c) Was there discussion about support for the anyExtendedKeyUsage
OID from 4.2.1.12 of RFC 5280?
No. I am not sure it would be useful as the SEND implementations really
need to know the EKU to work properly. The packet processing is based on
the value of the EKU.
Hmmm if you're not going to support it, then you might want to
put some text in about it not being allowed. 5280 allows
applications to reject certificates that include this extension.
5) draft-ietf-sidr-res-certs-17 is expired.
We need to normatively reference this draft. So I guess we will get
stuck in the RFC-Ed Queue waiting for this.
Yep.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf