I'm confused about something. It's my understanding that "Proposed Standard" means that a specification is generally stable, has resolved known design choices, is believed to be well-understood, has received significant community review, and appears to enjoy enough community interest to be considered valuable. However, further experience might result in a change or even retraction of the specification before it advances.
I'm rather baffled as to why BRSKI -39 doesn't meet that standard. It's not as if the authors are claiming that at least two independent and interoperable implementations from different code bases have been developed, for which sufficient successful operational experience has been obtained. If we are asking for Draft Standard status, we wouldn't be ready. But we're not; we're asking for Proposed Standard and it seems to me that the draft has met that standard since at least version -32 when the review team comments had been handled. I'm not a security expert but I do believe that perfection is the enemy of the good.

Regards
Brian Carpenter

On 31-Mar-20 15:10, Michael Richardson wrote:
>
> Benjamin Kaduk via Datatracker <[email protected]> wrote:
> > Unfortunately, it seems that the "pinned-domain-cert" in the issued voucher
> > is the registrar's cert, not the CA cert. (Given that the documented
> > workflow is
>
> That's entirely correct.
> The thing in the voucher validates the TLS connection that the pledge sees.
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
