On Mar 28, 2015, at 17:19, Viktor Dukhovni <ietf-dane(_at_)dukhovni(_dot_)org>
wrote:
On Fri, Mar 27, 2015 at 11:50:44PM -0500, Massimiliano Pala wrote:
I do not really feel
comfortable adopting OIDs that are under the control of a single
organization. Would this be a first case ?
I don't see any possibility of "control" of a leaf OID once it is
assigned.
All that organizations control s the issuing of new OIDS under
particular prefixes, and their prerogative is basically limited to
avoiding collisions with other people assigning OIDs under their
respective prefixes. Once you publish an OID as fit for a particular
purpose, you cannot take it back.
So I see no risk here. MIT's and Microsoft's OIDS are used in
Kerberos, for example. This has not and cannot cause any problems.
I’m with Victor and don’t see the issue. We’ve got standards track RFCs with
OIDs from NIST, Certicom, RSA, and “infosec” and those are just the ones I can
come up with off the top of head.
spt