Sean,
Thanks a lot for the feedback. Comments are inline.
Turner, Sean P. wrote:
> Just minor nits:
>
> Sec 2.1.3.2:
> - Missing ',' after the exactMatch BOOLEAN
> - "SEQUENCE of" should be "SEQUENCE OF"
> - I like it when the SEQUENCE OF includes a SIZE OF(X..MAX) to indicate
> whether the SEQUENCE OF can have 0 or more or 1 or more members in the
> SEQUENCE OF. This applies to the ROAIPAddrBlocks and addresses fields.

It seems reasonable to include a SIZE OF(1..MAX) to the ROAIPAddrBlocks
and addresses fields.

> Sec 2.1.6.2:
> - It might be useful to point to the res-certs ID for how to make the
> subjectKeyIdentifier. Additionally, I think it might be good to say the SID
> must match the SKI of the signer in this section because it talks about
> making the fields. I know it's in sec 3 step during the "check it" process
> but I think it should be in the "make it" process section.

I wholeheartedly agree.

> Sec 2.1.6.5:
> - RFC3370 says MUST support the rsaEncryption OID and MAY support the
> shaXYZWithRSAEncryption (where XYZ in this case will be 256) identifier.
> Should we allow the hash to be explicitly identified?

Since the SignerInfo object includes a DigestAlgorithmIdentifier, I see
no need to explicitly specify the hash algorithm as part of the
signatureAlgorithm.

> General:
> - Why no ASN.1 module?

I need to give this a little more thought, but it does seem reasonable
to include an ASN.1 module.
_______________________________________________
Sidr mailing list
https://www1.ietf.org/mailman/listinfo/sidr