Also, RFC 5937 defines how to process the constraints from the 5914 structure.
On 10/7/17, 11:31 PM, "pkix on behalf of Peter Bowen" <pkix-boun...@ietf.org on behalf of pzbo...@gmail.com> wrote: >On Tue, Sep 12, 2017 at 5:59 AM, Dmitry Belyavsky via >dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: >> Here is the new version of the draft updated according to the >>discussion on >> mozilla-dev-security list. > >Given that RFC 5914 already defines a TrustAnchorList and >TrustAnchorInfo object and that the Trust Anchor List object is >explicitly contemplated as being included in a signed CMS message, >would it not make more sense to start from 5914 and define new >extensions encode constraints not currently defined? > >Thanks, >Peter > >_______________________________________________ >pkix mailing list >p...@ietf.org >https://www.ietf.org/mailman/listinfo/pkix _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy