Speaking only as regular ol' member.
On Jun 27, 2014, at 4:50 PM, Sandra Murphy <[email protected]> wrote: > > 1 We could presume the CA just "knows". > 2 We could invent some other way to communicate (and secure) the router ID > bundled with the PKCS#10 request. > 3 We could remove the meaningful subject name in the router cert. > 4 We could change the "the value of this field SHOULD be empty" text in > RFC6487 to add an exception for router certs. That would allow the PKCS#10 > subject name to be non-empty so it could carry the router ID in the subject > name. > > I like 4. bgpsec-pki-profiles is already updating RFC6487 - we could just include this in the update. And it could take care of the errata issue also. --Sandy, speaking as regular ol' member
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
