Dear WG,

At the "cert" team we have identified a problem with RFC 3971 and the trust anchor name types defined there. The RFC defines as possible name types an X.501 subject name or a FQDN. The problem we have is that a subject name may not be unique across CAs in a PKI.

As we decided to adopt the SIDR WG certificate profile, the Subject Key Identifier extension is mandatory now. Consequently, we can use this hash of the subject public key to identify the host TAs even if we need to search across several CAs.

We are issuing this draft to document the problem. However, RFC 3971 did not set a Registry for name types in the TA ICMP option, which means that the only way to implement this new name type is to modify RFC 3971, which I understand was already part of the plans for this WG.

How does the group feel about taking this path?

Regards,
Roque, Suresh, Ana.

Begin forwarded message:

-------------------------------------------------------------
Roque Gagliano
LACNIC
GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE
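The lookup problem described in the message, as an added example that is not part of the original message or of the draft: two trust anchors issued under different CAs share one subject name, so a name lookup is ambiguous while a Subject Key Identifier lookup is not. It assumes the SKI is the SHA-1 hash of the subjectPublicKey BIT STRING value (RFC 5280, section 4.2.1.2, method 1); the CA names, subject name and key bytes are constructed.

```python
import hashlib

RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # AlgorithmIdentifier: rsaEncryption, NULL

def der_tlv(tag, body):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        size = first & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def ski_from_spki(spki):
    """SHA-1 of the subjectPublicKey BIT STRING value (assumed SKI method)."""
    tag, seq, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, key_pos = read_tlv(seq)          # skip the AlgorithmIdentifier
    tag, bits, _ = read_tlv(seq, key_pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("expected BIT STRING with no unused bits")
    return hashlib.sha1(bits[1:]).hexdigest()

def make_spki(key):
    """Wrap raw key bytes in a DER SubjectPublicKeyInfo (constructed sample data)."""
    return der_tlv(0x30, RSA_ALG + der_tlv(0x03, b"\x00" + key))

# Constructed sample: two CAs issued the same subject name to different keys.
KEY_A, KEY_B = bytes(range(200)), bytes(range(55, 255))
ANCHORS = [("CA-1", "CN=router-ta", make_spki(KEY_A)),
           ("CA-2", "CN=router-ta", make_spki(KEY_B))]

def find_by_name(subject):
    return [ca for ca, name, _ in ANCHORS if name == subject]

def find_by_ski(ski):
    return [ca for ca, _, spki in ANCHORS if ski_from_spki(spki) == ski]
```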