A discussion has just started yesterday on the PKIX mailing list about an "Errata in section 5.3 from RFC 5280".
At this time it can clearly be seen that RFC 5280 is NOT compatible with X.509 for the processing of crlEntryExtensions, whereas RFC 5280 is supposed to be a *profile* of X.509. For that reason, I ask the IESG to suspend its decision until the issue about crlEntryExtensions is clarified one way or another, since this point now needs to be clarified and will impact a document whose goal is precisely to clarify RFC 5280. Denis De : The IESG <[email protected]> A : IETF-Announce <[email protected]> Cc : [email protected] Date : 22/08/2012 17:05 Objet : [pkix] Last Call: <draft-ietf-pkix-rfc5280-clarifications-08.txt> (Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) to Proposed Standard Envoyé par : [email protected] The IESG has received a request from the Public-Key Infrastructure (X.509) WG (pkix) to consider the following document: - 'Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' <draft-ietf-pkix-rfc5280-clarifications-08.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2012-09-05. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document updates RFC 5280, the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. This document changes the set of acceptable encoding methods for the explicitText field of the user notice policy qualifier and clarifies the rules for converting internationalized domain name labels to ASCII. This document also provides some clarifications on the use of self-signed certificates, trust anchors, and some updated security considerations. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-pkix-rfc5280-clarifications/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-pkix-rfc5280-clarifications/ballot/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ pkix mailing list [email protected] https://www.ietf.org/mailman/listinfo/pkix
