Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
draft-ietf-pkix-cert-utf8-03
Yes
(Sam Hartman)
No Objection
(Bill Fenner)
(Dan Romascanu)
(Jari Arkko)
(Jon Peterson)
(Lars Eggert)
(Lisa Dusseault)
(Mark Townsley)
(Ross Callon)
(Ted Hardie)
Recuse
(Russ Housley)
Note: This ballot was opened for revision 03 and is now closed.
Sam Hartman Former IESG member
(was Discuss, Yes)
Yes
Yes
()
Unknown
Bill Fenner Former IESG member
No Objection
No Objection
()
Unknown
Brian Carpenter Former IESG member
No Objection
No Objection
(2006-04-12)
Unknown
(actually picked up by David Black's Gen-ART review of the previous draft) This sentence in section 5 lacks a verb: | When the subjectAltName extension contains a DN in the directoryName, | the same encoding preference as in 4.1.2.4.
Cullen Jennings Former IESG member
No Objection
No Objection
(2006-04-13)
Unknown
I am concerned about how the visual comparisons of names security problem will be solved. I would be supportive of text that pointed out the problem and did not try to provide a solution. I would change to a discuss if we put in text that required anyone to implement something that is a research problem.
Dan Romascanu Former IESG member
No Objection
No Objection
()
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
()
Unknown
Jon Peterson Former IESG member
No Objection
No Objection
()
Unknown
Lars Eggert Former IESG member
No Objection
No Objection
()
Unknown
Lisa Dusseault Former IESG member
No Objection
No Objection
()
Unknown
Magnus Westerlund Former IESG member
No Objection
No Objection
(2006-04-13)
Unknown
The security consideration section seems very strange: The replacement text is much clearer. The direction is much less prone to implementation error. Also, the use of consistent encoding for name components will ensure that name constraints work as expected. As a minimal it seems to be lacking a reference to the base line in RFC 3280 that it tries to change. But also the statement that this should be more secure is not really clear on what aspects and why. I expect this to be fixed when taking care of the Discuss about the similar looking names.
Mark Townsley Former IESG member
No Objection
No Objection
()
Unknown
Ross Callon Former IESG member
No Objection
No Objection
()
Unknown
Ted Hardie Former IESG member
No Objection
No Objection
()
Unknown
Russ Housley Former IESG member
Recuse
Recuse
()
Unknown