FWIW, I like this formulation Steve. Possibly when you refer to "the current value of the VRS-IP” you may want to explicitly refer to the VRS-IP of certificate x-1 rather than “current”.
I also wonder if it is worth noting that the enumerated steps outlined here are intended to be performed “top down” - i.e. from a trust anchor to the certificate to be validated. regards, Geoff > On 25 Jun 2016, at 5:04 AM, Stephen Kent <[email protected]> wrote: > > I've been discussing details of text in the "validation revisited" I-D with > Tim, now that he has become the primary editor. I believe a description of a > new validation algorithm will be cleaner and easier to understand if we > replace all of section 7.2 in 6487, rather than trying to change just step 6. > Most of the text will remain the same, but I've tried to simplify the > language where appropriate, to correct a technical error (in describing > validity checking), and add text needed to describe the revised alg. I think > it makes sense to fix the section while we're updating 6487. Here is my > proposed re-write for this section. I've marked the changed text as bold, and > included red comments to explain the rationale for the suggested changes. > > Steve > _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
