On Fri, Apr 8, 2016 at 6:25 AM, Stephen Kent <[email protected]> wrote:
> It's good that this potential problem has been identified, but it
> ought to be addressed in 6962-bis, not via an action in the CABF context.
> I say this for a few reasons:
>
> - CABF cert policies do not apply to all certs that one might encounter
>   in a browser
> - 6962-bis wants to become an IETF standard and thus relying on an
>   external spec to address a potential security concern is not appropriate.
>
> If Rob can adjust text in 6962-bis to address this problem, that's the
> preferred approach.

Stephen,

This is obviously the correct answer. The real challenge will be determining how to map redaction info to the DN, given that DN is a SEQUENCE OF(SET OF(Attribute)) and that SET is unordered. I'm thinking the right answer is to borrow ASN.1 Distinguished Encoding Rules to set the order of SET when a SET has more than one commonName attribute, as I think the most common state.

Thanks,
Peter
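
The DER ordering rule for SET OF referred to above, applied to one RDN that holds several commonName attributes, as an added example that is not part of the original message or of 6962-bis. The helper names and hostnames are constructed, and encoding the values as UTF8String is an assumption.

```python
# Added illustration: canonical (DER) order of commonName attributes inside one RDN.
# Helper names are hypothetical; hostnames are constructed sample values.

CN_OID = bytes([0x06, 0x03, 0x55, 0x04, 0x03])  # OBJECT IDENTIFIER 2.5.4.3 (commonName)


def der_len(n):
    """DER definite length: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def cn_attribute(value):
    """AttributeTypeAndValue ::= SEQUENCE { type OID, value } (UTF8String assumed)."""
    return tlv(0x30, CN_OID + tlv(0x0C, value.encode("utf-8")))


def der_set_of(elements):
    """X.690 11.6: element encodings in ascending order, compared as octet
    strings with shorter encodings padded at the end with zero octets."""
    width = max(len(e) for e in elements)
    ordered = sorted(elements, key=lambda e: e.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(ordered)), ordered


def canonical_cn_order(values):
    """Return the commonName values in the order DER fixes for the SET."""
    by_encoding = {cn_attribute(v): v for v in values}
    _, ordered = der_set_of(list(by_encoding))
    return [by_encoding[e] for e in ordered]


if __name__ == "__main__":
    names = ["www.example.com", "a.example.com", "mail.example.org"]
    for index, name in enumerate(canonical_cn_order(names)):
        print(index, name)
```

The resulting order is not alphabetical: the length octet of each attribute is compared before any character of the value, so shorter names sort first and only equal-length names fall back to byte order of the value.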
