The IESG has approved the following document:
- 'Updates to X.509 Policy Validation'
  (draft-ietf-lamps-x509-policy-graph-05.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-x509-policy-graph/

Technical Summary

This document updates RFC 5280 to replace the algorithm for X.509 policy validation with an equivalent, more efficient algorithm. The original algorithm built a structure which scaled exponentially in the worst case, leaving implementations vulnerable to denial-of-service attacks.

Working Group Summary

One concern was raised during WG Last Call that should be highlighted. As written, this document is not stand alone. It makes changes to the certification path validation algorithm in RFC 5280. There is a concern that future updates to RFC 5280 will conflict with these updates. The person that raised these concerns would prefer an update to RFC 5280 that completely replaces Section 6 and is written as a set of editing instructions to be made against Section 6 of RFC 5280. The person that raised this concern was able to convince one other LAMPS WG participant, but the LAMPS WG Chairs determined that they were in the rough.

Document Quality

The following projects adopted the concept outlined in this document:

* BoringSSL
* LibreSSL

Personnel

The Document Shepherd for this document is Russ Housley. The Responsible Area Director is Roman Danyliw.
