At 11:31 AM +0200 8/2/11, Roque Gagliano wrote:
Content-Type: multipart/signed; boundary=Apple-Mail-113--1037130997;
protocol="application/pkcs7-signature"; micalg=sha1
Dear WG,
I uploaded a new version of the draft preparing it for WGLC.
The only change is a requirement from the BGPSEC team to include a
paragraph in section 4.2 that clarifies that "mixed" certs are not
allowed only for CA certs but may be possible for EE certs that do
not validate repository objects (i.e. BGPSEC certs).
Regards,
Roque
Folks,
As the individual responsible for the changed text, let me explain the
history for these changes.
Geoff Huston sent one or more messages to Sean Turner asking some questions
about Sean's BGPSEC router cert I-D. Sean passed on one of these
questions to me. The question asked whether using an ECDSA key in a
router cert (as Sean's
draft proposes) would require invoking the alg transition doc on which Roque,
Sean, and I are co-authors.
I thought about the question and decided to revise the text that we
had written. Specifically, I felt that use of a different alg suite
in a EE cert that was NOT used to verify a sig on a repository object
need not invoke the alg transition spec. The reasons for this are
detailed in a message I sent earlier today.
So, when Roque refers to the "BGPSEC team" above, I think he is referring to
Sean, and me, as his co-authors on this doc, plus Geoff, the WG member who
raised a question that motivated the changed text.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
