Hi Joe, Hi draft authors,

I reviewed draft-ietf-tls-subcerts-09 and the document is well written and easy 
to understand.

I have only a minor remark regarding the validity time of the delegated 
credential.

In Section 3 you say
"
   In
   the absence of an application profile standard specifying otherwise,
   the maximum validity period is set to 7 days.  Peers MUST NOT issue
   credentials with a validity period longer than the maximum validity
   period.
"

In Section 4 you say the following about the validity time. "This MUST NOT 
exceed 7 days."

I wonder whether it makes sense to just copy the text from Section 3 to Section 
4 to have it read the same way.
Having the flexibility to extend this maximum validity time via profiles may 
turn out to be useful, as Section 3 already states.

The use of a new X.509 extension is unfortunate because tools used for creating 
certificates are somewhat behind supporting various extensions.
We ran into this issue for use with device certificates in IoT deployments.

I guess there is nothing to do about this other than trying to add support of 
this extension in popular tools.
Any plans to add support for this extension to the OpenSSL command line tool to 
create certificates?

Ciao
Hannes

From: TLS <[email protected]> On Behalf Of Joseph Salowey
Sent: Monday, June 29, 2020 5:59 PM
To: <[email protected]> <[email protected]>
Subject: [TLS] 2nd WGLC for Delegated Credentials for TLS

This is the second working group last call for Delegated Credentials for TLS.  
The latest draft can be found here: 
https://tools.ietf.org/html/draft-ietf-tls-subcerts-09.  There have been 2 
revisions since the last review.  Draft 8 contains changes that were not 
committed in time for draft 7 and draft 9 contains revisions from the previous 
WGLC.  Links to the Diffs between the draft 9 and draft 7 can be found at the 
end of this message.   Please focus your review on the changes between draft 7 
and draft 9.  Please send your comments to the list by July 13, 2020.

Thanks,

Sean and Joe

[Inline Diff] 
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-tls-subcerts-09.txt&url1=draft-ietf-tls-subcerts-07.txt
[Side-by-side Diff] 
https://tools.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-09.txt&url1=draft-ietf-tls-subcerts-07.txt
