On Mar 09, 2015, at 21:07, Richard Hansen <[email protected]> wrote: > Hi all, > > I have submitted a bis of RFC6487 as a -00 individual submission, and > will be presenting it in Dallas. > > It's a minor change from RFC6487. Changes incorporated: > * all 3 verified errata
Faithfully includes the errata I submitted ;) > * RFC 7318 (update) > * two changes that were submitted as errata but rejected for being > technical changes: > http://www.rfc-editor.org/errata_search.php?rfc=6487&rec_status=9 > > Comments welcome. I’ll caveat this by saying I am definitely not hard over on this, but I thought I’d bring it up: Should we switch to a SHA-256-based key identifier? s4.8.3 includes the following text: The Key Identifier used for resource certificates is the 160-bit SHA-1 hash of the value of the DER-encoded ASN.1 bit string of the issuer's public key, as described in Section 4.2.1.1 of [RFC5280]. Well now there’s RFC 7093 (http://datatracker.ietf.org/doc/rfc7093/) and we could point there and generate an identifier based on SHA-256. Full disclosure: this would introduce a downref to the document; the RFC was published through the ISE. spt > Thanks, > Richard > > > -------- Forwarded Message -------- > Subject: New Version Notification for draft-rhansen-sidr-rfc6487bis-00.txt > Date: Mon, 09 Mar 2015 15:56:48 -0700 > From: [email protected] > To: Richard Hansen <[email protected]>, Andrew Newton <[email protected]>, > Robert Loomans <[email protected]>, Geoff Huston > <[email protected]>, George Michaelson <[email protected]> > > > A new version of I-D, draft-rhansen-sidr-rfc6487bis-00.txt > has been successfully submitted by Richard Hansen and posted to the > IETF repository. > > Name: draft-rhansen-sidr-rfc6487bis > Revision: 00 > Title: A Profile for X.509 PKIX Resource Certificates > Document date: 2015-03-09 > Group: Individual Submission > Pages: 32 > URL: > http://www.ietf.org/internet-drafts/draft-rhansen-sidr-rfc6487bis-00.txt > Status: > https://datatracker.ietf.org/doc/draft-rhansen-sidr-rfc6487bis/ > Htmlized: http://tools.ietf.org/html/draft-rhansen-sidr-rfc6487bis-00 > > > Abstract: > This document defines a standard profile for X.509 certificates for > the purpose of supporting validation of assertions of "right-of-use" > of Internet Number Resources (INRs). The certificates issued under > this profile are used to convey the issuer's authorization of the > subject to be regarded as the current holder of a "right-of-use" of > the INRs that are described in the certificate. This document > contains the normative specification of Certificate and Certificate > Revocation List (CRL) syntax in the Resource Public Key > Infrastructure (RPKI). This document also specifies profiles for the > format of certificate requests and specifies the Relying Party RPKI > certificate path validation procedure. > > This document obsoletes RFC 6487. > > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
