Stephen: I strongly disagree with this technical decision. The content of certificate extensions should be OCTET STRING wrapped ASN.1 structures, and I pointed out the text in RFC 2459 (that remains in RFC 5280) during this discussion. I am quite concerned with (4) listed below. I hope you will revisit this decision.
Please treat this as the first step in the appeal of this technical decision. Russ On Mar 12, 2015, at 11:21 PM, Melinda Shore wrote: > Hi, all: > > We've been banging away on the SCT encoding issue for a year, > and we really must close it out. Paul and I have been doing due > diligence on the issue in the background. We made a concerted effort > to find technical problems with the current text that would exclude the > possibility of allowing it in the -bis document. Here's what we found: > > 1) The proposed encoding does not violate the letter of any > specification that we can find, > 2) Peter Gutmann said that it's not a good idea but it isn't > incorrect, > 3) We checked with the authors of several widely-used pieces of > certificate processing software and in every case that person > said that the proposed encoding would not cause problems with > their code, and > 4) We verified that the IETF security ADs would not reject the > encoding during IESG review > > Basically, in a nutshell, where we've landed is that while the current > encoding probably isn't the best idea ever, it doesn't violate any > specification that anybody could identify and it doesn't appear to > break anything. So, it's going to stand. We will not be revisiting > this issue unless new information is presented. This includes > discussion at the upcoming meeting in Dallas. > > Thanks, > > Melinda and Paul > > _______________________________________________ > Trans mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/trans _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
