On Mar 21, 2008, at 11:06 AM, Cullen Jennings wrote: > > On Mar 20, 2008, at 11:05 PM, Dean Willis wrote: > >> >> >> Let me restate this with fewer typos: >> >> I think what Cullen is saying is: >> >> If the certificate presented for a SIP domain contains Extended Key >> Usage values [RFC 3280] , implementations MAY validate those >> values using the techniques described in I-D.sip-eku[9]. >> >> and if that's what he's saying, I think this is in conflict with >> the text of RFC 3280, which makes validation a MUST. >> >> -- >> Dean >> >> > > This is not at all what I was saying. I was saying that the EKU work > is an orthogonal extensions to SIP with very little to do with the > text in the domain-certs document and there is no need for this work > to mandate support for sip-eku. I have not heard a technical > argument why some part of the doamin-certs draft is not > implementable without implementing sip-eku. I have heard people say, > "sip-eku is a good idea" which is fine and assuming it becomes an > RFC, devices that want to implement will implement that RFC. There > are also lots of other drafts that are good ideas and we wish people > would do them, however, we don't add as a note to the end over every > draft that says "You MUST also implement draft x, y, and z even > though they have little to do with this one". > > In my mind, the point of domain-certs is largely about to clarify > how certain parts of 3261 related to certificates for TLS. People > had implemented and were doing more or less all the major parts of > domain-certs over 5 years ago - long before folks started even > thinking about sip-eku. I think sip-eku is a fine document and > should become an RFC. I also think there is a need for a document > with roughly the advice in domain-certs. However, I see no reason > that domain-certs, something people have been doing for several > years, has to mandate implementation of sip-eku. These are very > separable issues and should be kept that way. >
Ok, is this what you mean? Discussion of Extended Key Usage in certificates used with SIP is outside the scope of this document. See I-D.sip-eku[9] for further discussion of this topic. -- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
