Cullen, The remaining key part to understanding what you what you are trying to do here is to bottom out your assertion that
> from 3261, and it was fairly likely that it the WG would > decide that the domain-certs draft was an essential > correction to 3261. We haven't really had a discussion about > whether EKU is essential or an correction to 3261 or even > whether it MUST be implemented, so it seems like a bad idea > to have this dependency. For any of the material to be an essential correction to RFC 3261, it is implicit that domain-certs would currently contains statements in RFC 2119 language that we would write in RFC 3261 so that all implementations of RFC 3261 took account of those requirements (these could be any of MUST, SHOULD, MAY). You apparently believe that some of the requirements do fall into this category. I did ask you to identify those requirements, and so far you have not done so. I do believe that if you assertion is correct, that we must have the discussion before we proceed any further. The philosophy. We currently have a number of RFC 2119 requirements split between eku and domain certs. We need to understand the dependency of these on each other and on RFC 3261. Currently the division assumes that none of the information is required for all implementations, merely for those in scope of the domain-certs draft, and also for connect-reuse that calls up these documents. Regards Keith > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Cullen Jennings > Sent: Wednesday, March 19, 2008 2:32 PM > To: SIP > Subject: [Sip] Question about refernce in > draft-ietf-sip-domain-certs-00 > > > The draft contains the text: > > I-D.sip-eku [9] describes the method to validate any Extended Key > Usage values found in the certificate for a SIP domain. > Implementations MUST perform the checks prescribed by that > specification. > > This last sentence creates a normative dependency of domain > certs on EKU. My read of the WG discussion was that domain > certs clarified important issues about TLS cert verification > from 3261, and it was fairly likely that it the WG would > decide that the domain-certs draft was an essential > correction to 3261. We haven't really had a discussion about > whether EKU is essential or an correction to 3261 or even > whether it MUST be implemented, so it seems like a bad idea > to have this dependency. > > I propose we strike the last sentence and make the reference > to I- D.sip-eku informative. I think that will be the best > path to allow both the EKU and the domain-certs document get > finished faster than if we try to tie them together in this way. > > > Cullen <with my individual contributor hat on> > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol Use > [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
