[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-pkix-rfc3770bis-01: key usage extension

To: ietf-pkix@xxxxxxx, housley@xxxxxxxxxxxx
Subject: Re: draft-ietf-pkix-rfc3770bis-01: key usage extension
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Fri, 15 Apr 2005 18:20:48 +0200 (MEST)
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

> 
> Peter:
> 
> You are the one that complained that there was not discussion of the key 
> usage extension.  I am happy to delete the whole paragraph ... you are the 
> one who asked for the topic to be covered.

Your name is not Bismarck, and this is not the Emser Depesche. :-)

  I have 'remarked' that there was no discussion of keyUsage in your text.

  You have introduced a restriction that was not in 3370. 

  Since both versions of your proposals seem wrong to me I had already
proposed to delete the second half of the sentence that talks about
keyusages of crlsign or keyCertSign.  

I also had asked whether it is true that 'Currently no EAP methods require
keyCertSign or crlSign'. I have the feeling that this is what you wanted
to express. 

> How about this:
> 
>     If a certificate contains a key usage extension, the KeyUsage bits
>     that are needed depends on the EAP method that is employed.
> 
> Russ

This text is what I had proposed to you yesterday in a reponse that 
didn't went to the list since you did not answered the question above
(unless I have missed it). 

I can live with an with that.

Peter

Prev by Date: Re: CoreStreet IPR disclosure
Next by Date: Re: draft-ietf-pkix-rfc3770bis-01: key usage extension
Previous by thread: Re: draft-ietf-pkix-rfc3770bis-01: key usage extension
Next by thread: Re: draft-ietf-pkix-rfc3770bis-01: key usage extension
Index(es):
- Date
- Thread