At Thu, 9 Mar 2017 18:44:58 +0000, Alvaro Retana (aretana) wrote:
>
> I just finished reading this document. My review is predicated on
> the assumption that the intent of the WG is to define an additional
> validation process, and not amend/change/update/deprecate the
> existing one...yet, which is why there are not only process changes
> specified, but also new OIDs.

Alvaro,

I will let the WG chairs and authors speak to intent regarding the existing validation process.

Speaking as an implementer, I requested, nay, demanded the new OIDs, for a very simple technical reason: from an implementation standpoint, the new validation rule is very different from the old one. More precisely, it is very close to the same set of checks as the old rule, but in a very different place in the code. Given the overall structure of X.509v3's critical extension mechanism, new OIDs were by far the simplest means of signalling which rule an RP should use.

So the decision to use new OIDs is orthogonal to the deprecation discussion: we need the new OIDs in any case for technical reasons.

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
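
The signalling described in the reply above, as an added example that is not part of the original message or of any RP implementation: an RP picks its validation rule from the OID of the resource extension, and an RP that does not recognise a critical extension rejects the certificate. The OIDs under the 2.999 example arc are constructed placeholders, and the rule names, function names and the one-rule-per-certificate check are assumptions of this sketch.

```python
"""Added illustration: a critical extension's OID selects the validation rule."""

# Constructed placeholder OIDs under the 2.999 example arc; they stand in for
# the existing and the new resource extensions and are not the assigned values.
OLD_RESOURCES_OID = "2.999.1"
NEW_RESOURCES_OID = "2.999.2"
# Standard X.509v3 extensions every RP here is assumed to understand.
COMMON_OIDS = {"2.5.29.19", "2.5.29.15"}  # basicConstraints, keyUsage


class Reject(Exception):
    """The certificate cannot be validated by this RP."""


def select_rule(extensions, rules):
    """extensions: list of (oid, critical); rules: OIDs this RP implements."""
    selected = None
    for oid, critical in extensions:
        if oid in rules:
            # Assumption of this sketch: one rule per certificate.
            if selected not in (None, rules[oid]):
                raise Reject("extensions for both rules in one certificate")
            selected = rules[oid]
        elif critical and oid not in COMMON_OIDS:
            # X.509v3: an unrecognised critical extension means rejection.
            raise Reject(f"unrecognised critical extension {oid}")
    if selected is None:
        raise Reject("no resource extension present")
    return selected


LEGACY_RULES = {OLD_RESOURCES_OID: "old-rule"}
UPDATED_RULES = {OLD_RESOURCES_OID: "old-rule", NEW_RESOURCES_OID: "new-rule"}


def legacy_rp(extensions):
    return select_rule(extensions, LEGACY_RULES)


def updated_rp(extensions):
    return select_rule(extensions, UPDATED_RULES)


# Constructed sample certificates, reduced to (oid, critical) pairs.
OLD_CERT = [("2.5.29.19", True), ("2.5.29.15", True), (OLD_RESOURCES_OID, True)]
NEW_CERT = [("2.5.29.19", True), ("2.5.29.15", True), (NEW_RESOURCES_OID, True)]

if __name__ == "__main__":
    print(updated_rp(OLD_CERT), updated_rp(NEW_CERT), legacy_rp(OLD_CERT))
    try:
        legacy_rp(NEW_CERT)
    except Reject as exc:
        print("legacy RP:", exc)
```

An RP that predates the new OID fails closed on a certificate that carries it, so it never applies the old rule to a certificate issued under the new one.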
