Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.txt

Mon, 25 Jan 2021 08:15:03 -0800 

I have reviewed the recent update, and I notice one inconsistency.

Section 2 says:

   In the absence of an application profile standard
   specifying otherwise, the maximum validity period is set to 7 days.

Section 4.1.3 says:

   1.  Validate that DelegatedCredential.cred.valid_time is no more than
       7 days.

I think that Section 2 is trying to say that an application profile can make it 
even shorter than 7 days, but on my first reading I got the opposite.

Russ


> On Jan 24, 2021, at 6:03 PM, [email protected] wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>        Title           : Delegated Credentials for TLS
>        Authors         : Richard Barnes
>                          Subodh Iyengar
>                          Nick Sullivan
>                          Eric Rescorla
>       Filename        : draft-ietf-tls-subcerts-10.txt
>       Pages           : 19
>       Date            : 2021-01-24
> 
> Abstract:
>   The organizational separation between the operator of a TLS endpoint
>   and the certification authority can create limitations.  For example,
>   the lifetime of certificates, how they may be used, and the
>   algorithms they support are ultimately determined by the
>   certification authority.  This document describes a mechanism by
>   which operators may delegate their own credentials for use in TLS,
>   without breaking compatibility with peers that do not support this
>   specification.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-subcerts-10
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-10
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to