As this is the only issue raised with this document during the WGLC I have edited the document as suggested, and submitted -05 of this document to reflect the outcome of the WGLC review.
thanks,

Geoff

On 02/12/2010, at 12:45 AM, Geoff Huston wrote:

> this works for me
>
> Geoff
>
> On 01/12/2010, at 11:16 PM, Sean Turner wrote:
>
>> Sandy,
>>
>> My only reservation with this document before I support progressing it is
>> the following from section 4.2:
>>
>>    When a key rollover occurs, the EE certificate for the RPKI signed
>>    object MUST be re-issued, under the key of the NEW CA. A CA MAY
>>    choose to treat this EE certificate the same way that it deals with
>>    CA certificates, i.e., to copy over all fields and extensions, and
>>    MAY change only the notBefore date and the serial number. If the CA
>>    adopts this approach, then the new EE certificate is inserted into
>>    the CMS wrapper, but the signed context remains the same. (If the
>>    signing time or binary signing time values in the CMS wrapper are
>>    non-null, they MAY be updated to reflect the current time.)
>>
>> I think a note/warning/pointer is needed to reiterate what's in Section
>> 2.1.6.4.3/4 of [ID.ietf-sidr-signed-object] because normally changing the
>> value of a signed attribute would invalidate the signature on that object.
>> [ID.ietf-sidr-signed-object] says:
>>
>>    The presence or absence of the SigningTime/BinarySigningTime attribute MUST
>>    NOT affect the validity of the signed object.
>>
>> So maybe adding something like:
>>
>>    As noted in Section 2.1.6.4.3 and 2.1.6.4.4 of [ID.ietf-sidr-signed-object],
>>    the presence or absence of the SigningTime and/or the BinarySigningTime
>>    attribute MUST NOT affect the validity of the signed object.
>>
>> would help us CMS weenies ;)
>>
>> spt
>>
>> On 11/17/10 11:56 PM, Sandra Murphy wrote:
>>>
>>> Geoff Huston has requested a WG LC for draft "CA Key Rollover in the RPKI".
>>>
>>> The document and the draft version history are available at
>>> http://tools.ietf.org/wg/sidr/draft-ietf-sidr-keyroll.
>>>
>>> The Last Call will end Wed, 1 Dec 2010 (AOE).
>>>
>>> As usual, please address all comments to the WG mailing list, and
>>> please be clear in your comments to this last call if you are
>>> supporting the document's submission to the IESG or if you are
>>> opposed. If you are opposed, please indicate why.
>>>
>>> --Sandy, speaking with wg chair derby on
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/sidr
>>>
>
> --
>
> Geoff Huston
> Chief Scientist, APNIC
>
> +61 7 3858 3100
> [email protected]

--

Geoff Huston
Chief Scientist, APNIC

+61 7 3858 3100
[email protected]
