Tim,

> Hi,
>
> So, to be clear I think this is the related text in section 9 of RFC 6487:
>
>    A new document will be issued as an update to this RFC. The CP for
>    the RPKI [RFC6484] will be updated to reference the new certificate
>    profile. The new CP will define a new policy OID for certificates
>    issued under the new certificate profile.
>
> And references in 6484 (CP) to 6487 should be reviewed and reference the
> validation-reconsidered instead (since it updates the profile), and we should
> have another OID instead of the one in section 1.2. But there is no need to use a
> different OID for the RFC3779 extensions used. Right?

Thanks for reminding me of the text in section 9 of 6487. Immediately
after the paragraph you cite the text says that an update to 6487
requires establishing a timeline for a three-phase transition process,
something we have yet to discuss, and which is not yet part of the
validation reconsidered I-D.

I believe that Rob suggested using a different OID for the 3779
extensions because he wants currently-deployed code to continue to work
with any software that relies on the cert validation procedure defined
in 3779. A new OID for the extensions would allow software to know which
type of processing is to be used when encountering a cert extension. So,
for that reason, and to be consistent with the notion of a phased
transition process, I believe there is a need for a new OID for the 3779
extensions.

Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr