Hello,

In reviewing the latest draft of cose-cbor-encoded-cert, I noticed that section 3.3 [1] defines GeneralSubtree as the following:

    GeneralSubtree = [ GeneralName, minimum: uint, ? maximum: uint ]

However, RFC 5280 section 4.2.1.10 [2] says:
"Within this profile, the minimum and maximum fields are not used with
any name forms, thus, the minimum MUST be zero, and maximum MUST be
absent. However, if an application encounters a critical name
constraints extension that specifies other values for minimum or
maximum for a name form that appears in a subsequent certificate, the
application MUST either process these fields or reject the
certificate."
Given this, I don't think it is necessary to provide "minimum" and "maximum"
fields as they are static ("minimum" is always 0 and "maximum" is always
absent) in an RFC 5280-compliant certificate; a list of GeneralName for the
GeneralSubtree is sufficient.
Secondly, this is more of an editorial nit, but it would be useful to break
out the extension definitions in section 3.3 into a sub-section for each
extension. This would align with the convention used in RFC 5280 and make it
easier to reference the specification for a given extension.
[1] https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-04.html#name-encoding-of-extensions
[2] https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10
Thanks,
Corey
_______________________________________________
COSE mailing list
https://www.ietf.org/mailman/listinfo/cose
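
Added example, not part of the original message or of either specification: a stdlib-only Python walk over a DER-encoded NameConstraints value that reports, for each GeneralSubtree, whether minimum is 0 and maximum is absent, which is the condition under which a bare GeneralName carries the subtree without loss. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not from the draft or RFC 5280): walk a DER NameConstraints
# value and report each GeneralSubtree's minimum/maximum.

def tlv(tag, value):
    """Encode one DER TLV (short-form length only; enough for the sample)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def audit_name_constraints(der):
    """Return (list_name, minimum, maximum, profile_ok) per GeneralSubtree."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    report = []
    for list_tag, subtrees in children(body):
        if list_tag not in (0xA0, 0xA1):   # [0] permitted / [1] excluded, IMPLICIT
            raise ValueError("unexpected tag in NameConstraints")
        name = "permitted" if list_tag == 0xA0 else "excluded"
        for _, subtree in children(subtrees):
            fields = children(subtree)[1:]          # skip the base GeneralName
            opt = {t: int.from_bytes(v, "big") for t, v in fields}
            minimum, maximum = opt.get(0x80, 0), opt.get(0x81)  # DEFAULT 0 / OPTIONAL
            report.append((name, minimum, maximum, minimum == 0 and maximum is None))
    return report

# Constructed sample: one profile-conformant subtree, one with minimum=1, maximum=3.
ok = tlv(0x30, tlv(0x82, b"example.com"))
odd = tlv(0x30, tlv(0x82, b".test") + tlv(0x80, b"\x01") + tlv(0x81, b"\x03"))
SAMPLE = tlv(0x30, tlv(0xA0, ok) + tlv(0xA1, odd))
print(audit_name_constraints(SAMPLE))
```

A subtree whose last field is False is the case the quoted RFC 5280 text covers: in a critical extension, the application must either process minimum and maximum or reject the certificate.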
