
Defining an SRV RR Other name in pkix



Tim and Steve,

Based on the previous discussion on this issue I'm asking you as WG
chair to consider accepting the definition of an SAN Other Name for
Service Resource Records (SRV RR) as a PKIX work item based on the input
from my previously submitted draft and discussions on this list.

http://www.ietf.org/internet-drafts/draft-santesson-pkix-srvrr-00.txt

My summary: 
Arguments from Sam have suggested that we need to add clear guidance
that binding a certificate to an SRV RR must be done in accordance with
the appropriate security considerations for each defined symbolic name
for each service type. 

Several postings have also suggested that the SRV RR name should be
encoded in UTF-8 and not IA5String.

I agree with these observations and plan to accommodate them in the next
draft.

Considering the limited technical scope of this draft I foresee no other
hard technical issues to be solved and I think that finalization of this
work should be possible to be achieved within the timeframe of the Paris
meeting.

Speaking as a vendor I strongly believe in the need for this name form to
support an increased use of SRV RR for DNS-based service queries and I
would therefore prefer, for interoperability reasons, to implement this
name form based on an RFC rather than going ahead with a privately
defined name.

In any case (going forward as private or pkix draft), I would like to
have an IETF OID defined for this Other Name to be included in the next
draft.


Stefan Santesson
Program Manager, Standards Liaison
Windows Security