John Thank you for your proposal. I am fine with it, but I am no native speaker π.
I am still struggling a bit with the middle sentence. βThe structure also allows an end entity or RA to include any other necessary data, such as the publicKey field, when it is required for the certificate.β The public key is always required for a certificate, but with central key generation it will not be provided in the certificate request. What do you think about this: βThe structure also allows an end entity or RA to include any other necessary data, such as the publicKey field, when it is required for the certificate request.β Hendrik Von: John Gray <john.g...@entrust.com> Gesendet: Freitag, 11. Juli 2025 16:30 An: Brockhaus, Hendrik (FT RPD CST SEA-DE) <hendrik.brockh...@siemens.com>; David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org>; Alanna Paloma <apal...@staff.rfc-editor.org> Cc: debcool...@gmail.com; Mike Ounsworth <mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org; lamps-...@ietf.org; lamps-cha...@ietf.org; hous...@vigilsec.com; auth48archive@rfc-editor.org Betreff: Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 <draft-ietf-lamps-rfc4210bis-18> for your review I think there is a problem with the rephrasing. This new proposal seems to have an incomplete sentence, and using "wish to get included" seems kind of jarring to me. The phrase "want to be included" would be better, I think. The sentence "The publicKey field is typically required to provide." is not complete... The last sentence is fine The CertTemplate structure allows entities requesting a certificate to specify the data fields that they wish to get included. The publicKey field is typically required to provide. A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280]) but with all fields optional/situational. If you really want to further rephrase it, the following works. I think the comment from Quynh wanted to mention data fields and that is why publicKey is mentioned, so how about the following: The CertTemplate structure allows entities requesting a certificate to specify the data fields that they want to be included. The structure also allows an end entity or RA to include any other necessary data, such as the publicKey field, when it is required for the certificate. A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280]) but with all fields optional/situational. Cheers, John Gray ________________________________ From: Brockhaus, Hendrik <hendrik.brockh...@siemens.com<mailto:hendrik.brockh...@siemens.com>> Sent: Friday, July 11, 2025 2:42 AM To: David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org<mailto:David.von.Oheimb=40siemens....@dmarc.ietf.org>>; Alanna Paloma <apal...@staff.rfc-editor.org<mailto:apal...@staff.rfc-editor.org>>; John Gray <john.g...@entrust.com<mailto:john.g...@entrust.com>> Cc: debcool...@gmail.com<mailto:debcool...@gmail.com> <debcool...@gmail.com<mailto:debcool...@gmail.com>>; Mike Ounsworth <mike.ounswo...@entrust.com<mailto:mike.ounswo...@entrust.com>>; rfc-edi...@rfc-editor.org<mailto:rfc-edi...@rfc-editor.org> <rfc-edi...@rfc-editor.org<mailto:rfc-edi...@rfc-editor.org>>; lamps-...@ietf.org<mailto:lamps-...@ietf.org> <lamps-...@ietf.org<mailto:lamps-...@ietf.org>>; lamps-cha...@ietf.org<mailto:lamps-cha...@ietf.org> <lamps-cha...@ietf.org<mailto:lamps-cha...@ietf.org>>; hous...@vigilsec.com<mailto:hous...@vigilsec.com> <hous...@vigilsec.com<mailto:hous...@vigilsec.com>>; auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org> <auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org>> Subject: AW: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 <draft-ietf-lamps-rfc4210bis-18> for your review WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. I like this rephrasing. Hendrik Von: David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org<mailto:David.von.Oheimb=40siemens....@dmarc.ietf.org>> Gesendet: Freitag, 11. Juli 2025 08:40 An: Alanna Paloma <apal...@staff.rfc-editor.org<mailto:apal...@staff.rfc-editor.org>>; John Gray <john.g...@entrust.com<mailto:john.g...@entrust.com>> Cc: debcool...@gmail.com<mailto:debcool...@gmail.com>; Brockhaus, Hendrik (FT RPD CST SEA-DE) <hendrik.brockh...@siemens.com<mailto:hendrik.brockh...@siemens.com>>; Mike Ounsworth <mike.ounswo...@entrust.com<mailto:mike.ounswo...@entrust.com>>; rfc-edi...@rfc-editor.org<mailto:rfc-edi...@rfc-editor.org>; lamps-...@ietf.org<mailto:lamps-...@ietf.org>; lamps-cha...@ietf.org<mailto:lamps-cha...@ietf.org>; hous...@vigilsec.com<mailto:hous...@vigilsec.com>; auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org> Betreff: Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 <draft-ietf-lamps-rfc4210bis-18> for your review Hi Alanna et al., I suggest streamlining part of the below mentioned paragraph on the CertTemplate structure, as follows. The CertTemplate structure allows entities requesting a certificate to specify the data fields that they wish to get included. The publicKey field is typically required to provide. A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280]) but with all fields optional/situational. Regards, David On 10.07.25 21:05, Alanna Paloma wrote: Hi John, Thank you for your reply. I'm okay with the suggested updated text (I agree it is much clearer), however there is a typo in it π It should be "when it is" instead of "when t is" The CertTemplate structure allows an end entity or RA to specify as many data fields as the structure wishes for the requested certificate. The structure also allows an end entity or RA to include any other necessary data, such as the publicKey field, when it is required for the certificate. A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280]) but with all fields optional/situational. Thanks for spotting this! We have updated the text accordingly. Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
