Andy,

In looking through the SIDR archives (since I am not getting messages
directly from the list) I saw the following posting:

Incidentally, I thought I heard Russ Housley say at the mike that
the cert format says what CP applies and it points to this CP. If I
understand, using a different CP means changing the cert format. Am
I wrong?

I see the following, which I presume is what Russ was referring to:

3.9.8. Certificate Policies

This extension MUST reference the Resource Certificate Policy, using
the OID Policy Identifier value of "1.3.6.1.5.5.7.14.2". This field
MUST be present and MUST contain only this value for Resource
Certificates.

No PolicyQualifiers are defined for use with this policy and thus
none must be included in this extension.

This extension MUST be present and it is critical.

If you do not follow the CP that has the OID in the CP that is under
discussion in SIDR, then you must not issue certs containing that OID
in the cert policy field. You could issue certs with a different
policy OID, or with no policy OID. Neither would meet the criteria
for RPKI Certs, and thus should be rejected by compliant relying
party software.

Steve
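
The relying-party check implied by the quoted section 3.9.8, as an added example that is not part of the original message or of any SIDR implementation: it takes the DER of a single certificatePolicies Extension and reports which of the quoted rules it breaks. The function names are hypothetical, the sample extensions are constructed by `make_ext`, the extension OID 2.5.29.32 comes from X.509 rather than from the message, and the small DER reader assumes short-form lengths.

```python
RPKI_CP_OID = "1.3.6.1.5.5.7.14.2"   # policy OID quoted from section 3.9.8
CERT_POLICIES = "2.5.29.32"          # id-ce-certificatePolicies (X.509)

def tlv(tag, body=b""):
    # Encode one DER element; short-form length is enough for the samples.
    return bytes([tag, len(body)]) + body

def oid(dotted):
    # Content bytes of an OID whose arcs are all below 128 (true for all used here).
    a, b, *rest = map(int, dotted.split("."))
    return bytes([40 * a + b, *rest])

def read_tlvs(data):
    # Split DER bytes into (tag, value) pairs; short-form lengths only.
    out, i = [], 0
    while i < len(data):
        length = data[i + 1] if i + 1 < len(data) else 0x80
        if length & 0x80 or i + 2 + length > len(data):
            raise ValueError("truncated or long-form DER element")
        out.append((data[i], data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def check_policy_ext(ext_der):
    # Violations of the quoted rules; an empty list means the extension passes.
    (_, ext), = read_tlvs(ext_der)            # Extension ::= SEQUENCE
    fields = read_tlvs(ext)                   # extnID, [critical], extnValue
    if fields[0] != (0x06, oid(CERT_POLICIES)):
        return ["not a certificatePolicies extension"]
    problems = []
    if (0x01, b"\xff") not in fields[1:-1]:   # BOOLEAN TRUE; absent means FALSE
        problems.append("not critical")
    (_, seq), = read_tlvs(fields[-1][1])      # OCTET STRING wraps SEQUENCE OF
    infos = [read_tlvs(v) for _, v in read_tlvs(seq)]
    if [info[0] for info in infos] != [(0x06, oid(RPKI_CP_OID))]:
        problems.append("policy OID is not exactly the RPKI CP OID")
    if any(len(info) > 1 for info in infos):  # second field = policyQualifiers
        problems.append("policyQualifiers present")
    return problems

def make_ext(policy_oid, critical=True, qualifiers=b""):
    # Constructed sample input: DER of one certificatePolicies Extension.
    info = tlv(0x30, tlv(0x06, oid(policy_oid)) + qualifiers)
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, oid(CERT_POLICIES)) + crit + tlv(0x04, tlv(0x30, info)))
```

A certificate with no certificatePolicies extension at all never reaches this function; the caller has to treat that case as a rejection too.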