On Mar 20, 2008, at 11:05 PM, Dean Willis wrote:

>
>
> Let me restate this with fewer typos:
>
> I think what Cullen is saying is:
>
> If the certificate presented for a SIP domain contains Extended Key
> Usage values [RFC 3280], implementations MAY validate those
> values using the techniques described in I-D.sip-eku[9].
>
> and if that's what he's saying, I think this is in conflict with the  
> text of RFC 3280, which makes validation a MUST.
>
> --
> Dean
>
>

This is not at all what I was saying. I was saying that the EKU work
is an orthogonal extension to SIP with very little to do with the
text in the domain-certs document and there is no need for this work
to mandate support for sip-eku. I have not heard a technical argument
why some part of the domain-certs draft is not implementable without
implementing sip-eku. I have heard people say, "sip-eku is a good
idea" which is fine and assuming it becomes an RFC, devices that want
to implement will implement that RFC. There are also lots of other
drafts that are good ideas and we wish people would do them, however,
we don't add a note to the end of every draft that says "You MUST
also implement draft x, y, and z even though they have little to do
with this one".

In my mind, the point of domain-certs is largely about clarifying how
certain parts of 3261 relate to certificates for TLS. People had
implemented and were doing more or less all the major parts of
domain-certs over 5 years ago - long before folks started even thinking
about sip-eku. I think sip-eku is a fine document and should become an RFC.
I also think there is a need for a document with roughly the advice in
domain-certs. However, I see no reason that domain-certs, something
people have been doing for several years, has to mandate
implementation of sip-eku. These are very separable issues and should
be kept that way.

Cullen <with my individual contributor hat on>


_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
