Yes, I agree the middle sentence was a bit clumsy, but given it was being 
added based on Quynh's comments, I didn't know how much more it should change 
from what was suggested by the RFC editor. I guess the point is to mention 
that the public key is typically required (but not always because there are 
cases where server generated keys are used for example)...

So yes, I am good with your proposal David, which is built on all the previous 
proposals from everyone as well.


Thanks,

John Gray



________________________________
From: David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org>
Sent: Friday, July 11, 2025 11:20 AM
To: John Gray <john.g...@entrust.com>; Brockhaus, Hendrik 
<hendrik.brockh...@siemens.com>; Alanna Paloma <apal...@staff.rfc-editor.org>
Cc: debcool...@gmail.com <debcool...@gmail.com>; Mike Ounsworth 
<mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org 
<rfc-edi...@rfc-editor.org>; lamps-...@ietf.org <lamps-...@ietf.org>; 
lamps-cha...@ietf.org <lamps-cha...@ietf.org>; hous...@vigilsec.com 
<hous...@vigilsec.com>; auth48archive@rfc-editor.org 
<auth48archive@rfc-editor.org>
Subject: Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 
<draft-ietf-lamps-rfc4210bis-18> for your review

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the 
content is safe.


In the latest proposal you just sent, the middle sentence (apparently 
originating from Quynh)
still reads pretty clumsy and kind of overlaps with the first sentence.
How about this?


The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they want to be included.
Typically, they are required to provide at least the publicKey field.
A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280])
but with all fields optional/situational.


    David



On 11.07.25 16:30, John Gray wrote:
I think there is a problem with the rephrasing.  This new proposal seems to 
have an incomplete sentence, and using "wish to get included" seems kind of 
jarring to me.  The phrase "want to be included" would be better, I think.

The sentence "The publicKey field is typically required to provide." is not 
complete...

The last sentence is fine


The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they wish to get included.
The publicKey field is typically required to provide. A
CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280])
but with all fields optional/situational.

If you really want to further rephrase it, the following works.  I think the 
comment from Quynh wanted to mention data fields and that is why publicKey is 
mentioned, so how about the following:


The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they want to be included.
The structure also allows an end entity or RA to include any other
necessary data, such as the publicKey field, when it is required for the 
certificate.
A CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280])
but with all fields optional/situational.

Cheers,

John Gray

________________________________
From: Brockhaus, Hendrik <hendrik.brockh...@siemens.com>
Sent: Friday, July 11, 2025 2:42 AM
To: David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org>; 
Alanna Paloma <apal...@staff.rfc-editor.org>; John Gray <john.g...@entrust.com>
Cc: debcool...@gmail.com <debcool...@gmail.com>; Mike Ounsworth 
<mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org 
<rfc-edi...@rfc-editor.org>; lamps-...@ietf.org <lamps-...@ietf.org>; 
lamps-cha...@ietf.org <lamps-cha...@ietf.org>; hous...@vigilsec.com 
<hous...@vigilsec.com>; auth48archive@rfc-editor.org 
<auth48archive@rfc-editor.org>
Subject: AW: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 
<draft-ietf-lamps-rfc4210bis-18> for your review



I like this rephrasing.



Hendrik



From: David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org>
Sent: Friday, July 11, 2025 08:40
To: Alanna Paloma <apal...@staff.rfc-editor.org>; John Gray 
<john.g...@entrust.com>
Cc: debcool...@gmail.com; Brockhaus, Hendrik (FT RPD CST SEA-DE) 
<hendrik.brockh...@siemens.com>; Mike Ounsworth 
<mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org; 
lamps-...@ietf.org; lamps-cha...@ietf.org; hous...@vigilsec.com; 
auth48archive@rfc-editor.org
Subject: Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 
<draft-ietf-lamps-rfc4210bis-18> for your review



Hi Alanna et al.,

I suggest streamlining part of the below mentioned paragraph on the 
CertTemplate structure,
as follows.

The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they wish to get included.
The publicKey field is typically required to provide. A
CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280])
but with all fields optional/situational.

Regards,

    David



On 10.07.25 21:05, Alanna Paloma wrote:

Hi John,



Thank you for your reply.



I'm okay with the suggested updated text (I agree it is much clearer), however 
there is a typo in it  🙂



It should be "when it is" instead of "when t is"

The CertTemplate structure allows an end entity or RA to specify as many
data fields as the structure wishes for the requested certificate. The
structure also allows an end entity or RA to include any other necessary data,
such as the publicKey field, when it is required for the certificate. A
CertTemplate structure is identical to a TBSCertificate structure (see [RFC 5280])
but with all fields optional/situational.



Thanks for spotting this! We have updated the text accordingly.


