Re: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt
All,
Draft 3 of 3280bis contains minor changes from draft 2. A diff file
highlighting the changes is available at
http://csrc.nist.gov/pki/documents/PKIX/draft3280bis-02todraft3280bis-03_diff.html.
Draft 3 includes the following changes:
1. Section 1 now highlights the changes between 3280 and 3280bis rather
than between 2459 and 3280.
2. Modifications were made in sections 4.1.2.4 and 4.1.2.6 to align with
draft-ietf-pkix-cert-utf8-03.txt.
2. Section 4.2.1.10 includes a reference to draft-ietf-pkix-srvsan-01.txt
as an example of another document that specifies rules for name
constraints.
3. Changes to section 4.2.1.12 were made to clarify that applications
may require the presence of a specific OID in the extended key usage
extension.
4. In section 4.2.1.13 the requirement for file names specified in an
HTTP URI to have a ".crl" extension was removed.
5. References to PEM in sections 6 and 6.2 were removed since the text
in section 6.2 was incorrect and there did not seem to be a compelling
reason to correct the text rather than simply removing it.
6. In section 6.1.1 item (d) and section 6.1.2 item (j), the text
describing the source of trust anchor information was clarified.
7. In section 6.1.3, item (c): replaced "one" with "any".
8. The description of Figure 7 in section 6.1.3 after item (d)(3) was
modified for clarity.
9. Section 6.3.3 item (f): Added a sentence noting that trust anchor for
CRL certification path must be same as certification path for target
certificate (as was already stated in the Security Considerations
section).
10. Added paragraphs to Security Considerations section about the risk
of circular dependencies in AIA, SIA, and CDP extensions.
11. Added paragraph to Security Considerations section about risks
involving names with similar visual representations.
11. Appendix C: Clarified that string representations of DNs follow RFC
2253 formatting rules.
A number of spelling errors were also corrected and a few changes were
made to correct some ID-nits.
Dave
Internet-Drafts@xxxxxxxx wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Author(s) : D. Cooper, et al.
Filename : draft-ietf-pkix-rfc3280bis-03.txt
Pages : 141
Date : 2006-5-24
This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
Revocation List (CRL) for use in the Internet. An overview of this
approach and model are provided as an introduction. The X.509 v3
certificate format is described in detail, with additional
information regarding the format and semantics of Internet name
forms. Standard certificate extensions are described and two
Internet-specific extensions are defined. A set of required
certificate extensions is specified. The X.509 v2 CRL format is
described in detail, and required extensions are defined. An
algorithm for X.509 certification path validation is described. An
ASN.1 module and examples are provided in the appendices.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt