Hi, all:

Problems around precertificate contents and formats were among the things we first discussed when the working group was chartered, and here we are, still at it. There are basically two problems that fall under the "precertificate" rubric: 1) whether or not it's possible/reasonable to include a certificate's serial number (as this implies that the issuer will know in advance what the serial number will be), and 2) encoding/representation.

There's a general sense that the first *seems* like it ought to be a problem, but we haven't had CAs stepping forward saying that this would prevent them from being able to implement and would be unacceptably onerous for them. Instead, we're hearing reports of at least one major CA solving the problem by simultaneously issuing precertificates and certs.

Given the lack of new information and lack of new technical arguments, I think we need to close the serial number aspect of the discussion and go ahead with continuing to include it in precertificates. This is the IETF and nearly any decision can be revisited with the introduction of new information or a new, compelling argument. But in the meantime we need to move forward, so let's close this one and move on to trying to close the encoding discussion.

Many thanks for the careful thought that's gone into the deliberations so far,

Melinda

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
