Re: [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt

To: sidr at ietf.org
Subject: Re: [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt
From: Terry Manderson <terry at terrym.net>
Date: Thu, 26 Feb 2009 10:52:36 +1000
Delivered-to: sidr at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=HgAvc8VuwvF5RAmh1Q5jUEAWcIHPzlekvI3vb8abR8k=; b=eynf8iqNQaOdak/A8oiK3Ydnm6hw90vqY2HZ9De8gXqjJ5ZLT7PFox+xjNBAc58vH+ nGIQdxSGLd4WB8v8cNmm6x078kOR3A6mrCeXZSPMWhGh/8mcEr5Frus6xbgzealzZehN NfZEX369nrTE3ihzn7f9353QZcYQ/Jn29QM7M=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=PC9KQJS2mstujwcH+m0HPlv3fVp3uJXXpDLpOC3Hv3bqPuUUFE2pqLQ19QDf8Mk7+5 istetZelIx8+6BItl2LpbjbeazhOIErhRqrfrAIiD+6uzEH8BwSR19Y5uskuRNNVeXDa L+rOz7UiLgjV47rB9JW6JuCIx4TLuv624tU3g=
In-reply-to: <20090225220001.958CE3A6912 at core3.amsl.com>
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
References: <20090225220001.958CE3A6912 at core3.amsl.com>
Sender: Terry Manderson <terry.mndrsn at gmail.com>

I've just finished my read of version 16.

* Section 3.9.5

With the introduction of Extended Key Usage, can I suggest that thewording follow that of RFC5280 for consistency in how key purposes areconstructed?


e.g:

Object identifiers used to identify key purposes MUST be assigned inaccordance with IANA or ITU-T Recommendation X.660 [X.660].

I also agree that the EKU should be there. It provides a level ofextensibility.


* Removal of section 6.3

I could not agree more! TA structures are so important in thisapplication that they should stand as a topic (*draft*) in their ownright.


* section 7 Design Notes

firstly " yet still ensure that the structures Subject name changes",I think should be

"structure's"

secondly - I had to re-read this paragraph several times to simplyunderstand that the advise is to have CAs which use a constant CN perentity still change their DN via the serial number at key rollover.yeah? Any way this can be revised for us dummies? ;)


* personal nit:

The word uniqueness bugs me ;-) something is either unique or it isnot. There are no varying degrees of being unique. I'd love to see adifferent word or phrase used - but it isn't a blocker for me.


Cheers
Terry

On 26/02/2009, at 8:00 AM, Internet-Drafts at ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Draftsdirectories.This draft is a work item of the Secure Inter-Domain Routing WorkingGroup of the IETF.
	Title           : A Profile for X.509 PKIX Resource Certificates
	Author(s)       : G. Huston, et al.
	Filename        : draft-ietf-sidr-res-certs-16.txt
	Pages           : 34
	Date            : 2009-02-25

References:
- [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt
  - From: Internet-Drafts

Prev by Date: [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt
Next by Date: [sidr] I-D Action:draft-ietf-sidr-ta-00.txt
Previous by thread: [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt
Next by thread: [sidr] I-D Action:draft-ietf-sidr-ta-00.txt
Index(es):
- Date
- Thread

Re: [sidr] I-D Action:draft-ietf-sidr-res-certs-16.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.