Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
draft-ietf-pkix-cert-utf8-03

Yes

(Sam Hartman)

No Objection

(Bill Fenner)
(Dan Romascanu)
(Jari Arkko)
(Jon Peterson)
(Lars Eggert)
(Lisa Dusseault)
(Mark Townsley)
(Ross Callon)
(Ted Hardie)

Recuse

(Russ Housley)

Note: This ballot was opened for revision 03 and is now closed.

Sam Hartman Former IESG member
(was Discuss, Yes) Yes
Yes () Unknown

                            
Bill Fenner Former IESG member
No Objection
No Objection () Unknown

                            
Brian Carpenter Former IESG member
No Objection
No Objection (2006-04-12) Unknown
(actually picked up by David Black's Gen-ART review of the previous draft)

This sentence in section 5 lacks a verb:

|  When the subjectAltName extension contains a DN in the directoryName,
|  the same encoding preference as in 4.1.2.4.

Cullen Jennings Former IESG member
No Objection
No Objection (2006-04-13) Unknown
I am concerned about how the visual comparisons of names security problem will be solved. I would be supportive of text that pointed out the problem and did not try to provide a solution. I would change to a discuss if we put in text that required anyone to implement something that is a research problem.

Dan Romascanu Former IESG member
No Objection
No Objection () Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection () Unknown

                            
Jon Peterson Former IESG member
No Objection
No Objection () Unknown

                            
Lars Eggert Former IESG member
No Objection
No Objection () Unknown

                            
Lisa Dusseault Former IESG member
No Objection
No Objection () Unknown

                            
Magnus Westerlund Former IESG member
No Objection
No Objection (2006-04-13) Unknown
The security consideration section seems very strange:

   The replacement text is much clearer.  The direction is much less
   prone to implementation error.  Also, the use of consistent encoding
   for name components will ensure that name constraints work as
   expected.

At a minimum, it seems to be lacking a reference to the baseline in RFC 3280 that it tries to change. But also, the statement that this should be more secure is not really clear on what aspects and why.

I expect this to be fixed when taking care of the Discuss about the similar-looking names.

Mark Townsley Former IESG member
No Objection
No Objection () Unknown

                            
Ross Callon Former IESG member
No Objection
No Objection () Unknown

                            
Ted Hardie Former IESG member
No Objection
No Objection () Unknown

                            
Russ Housley Former IESG member
Recuse
Recuse () Unknown