The draft contains the text: I-D.sip-eku [9] describes the method to validate any Extended Key Usage values found in the certificate for a SIP domain. Implementations MUST perform the checks prescribed by that specification.
This last sentence creates a normative dependency of domain certs on EKU. My read of the WG discussion was that domain certs clarified important issues about TLS cert verification from 3261, and it was fairly likely that it the WG would decide that the domain-certs draft was an essential correction to 3261. We haven't really had a discussion about whether EKU is essential or an correction to 3261 or even whether it MUST be implemented, so it seems like a bad idea to have this dependency. I propose we strike the last sentence and make the reference to I- D.sip-eku informative. I think that will be the best path to allow both the EKU and the domain-certs document get finished faster than if we try to tie them together in this way. Cullen <with my individual contributor hat on> _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
