Internet X.509 Public Key Infrastructure Authority Information Access Certificate Revocation List (CRL) Extension
Note: This ballot was opened for revision 03 and is now closed.
(Sam Hartman) Yes
(Brian Carpenter) No Objection
Gen-ART review comments from Spencer Dawkins: In Section 3 Security Considerations Question: Is there any more specific guidance that could be given about how implementers "take into account" the possible existence described here? Even a reference someplace would be nice. Implementers should take into account the possible existence of multiple unrelated CAs and CRL issuers with the same name. Extreme Nit: I apologize in advance for asking, but do we use abbreviations in RFC titles? From ftp://ftp.rfc-editor.org/in-notes/rfc-editor/instructions2authors.txt: Abbreviations (e.g., acronyms) in a title must generally be expanded when first encountered. In Section 2. Authority Information Access CRL Extension Nit: this paragraph was a little harder to parse than it should have been: This extension MUST be identified by the extension object identifier (OID) defined in RFC 3280 (126.96.36.199.188.8.131.52.1), and the AuthorityInfoAccessSyntax MUST be used to form the extension value. For convenience, the ASN.1 [X.680] definition of the Authority Information Access extension is repeated below. Could I suggest something like "This extension MUST be identified by the extension Object IDentifier (OID) defined in RFC 3280 (184.108.40.206.220.127.116.11.1), and the Authority Information Access syntax MUST be used to form the extension value. For convenience, the ASN.1 [X.680] definition of the Authority Information Access extension is repeated below."
(Margaret Cullen) No Objection
(Bill Fenner) No Objection
(Ted Hardie) No Objection
This document should probably reference draft-ietf-ldapbis-url-09.txt (in the RFC Editor's queue) in Section 2's discussion of the LDAP URI; it may, in particular, want to point to the security considerations section of that draft.