
WG Last Call: Son-of-2459




Folks,


The current version of Part1 is ready for Working Group Last Call; Last Call will close on or after February 28, 2001.

The draft is named draft-ietf-pkix-new-part1-04.txt. The text has been posted and is available from the usual repositories, including: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-04.txt

The name constraints issue has been addressed satisfactorily. (See earlier message with subject "Resolution of name constraints issue").

I am aware of one open issue that needs to be discussed by this group. The basic constraints text (4.2.1.10, page 37) and path validation algorithm wrap-up procedure (6.1.5, page 73) contained in this specification do not consider the path length constraint for an end certificate. This may be considered a change from RFC 2459, and ...

*it was not discussed on the list*.

This is a change I made without bringing it to the attention of the list. Oops.

We ran into this issue when we were developing the X.509 path validation tests. After some discussion, we decided that the path length constraint did not apply to the end certificate. I thought I was clarifying the text of Part1 by making the corresponding changes. However, users of the path validation tests have cited this as a *change* not a clarification.

It was not appropriate for me to make this change without discussion on the list. We need to discuss this issue and resolve it on the list before WG Last Call closes. I will be following this message with a more complete description of the problem this afternoon.

Thanks,

Tim Polk
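
The open issue in the message above, as an added illustration (not code from the draft, the path validation tests, or the author): a max_path_length counter is tracked over constructed paths, contrasting the treatment the message describes, where the last certificate is never counted, with a hypothetical reading that counts a last certificate that is itself a CA. The `Cert` class, `path_len_ok` and the sample paths are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:
    """Constructed stand-in for a certificate: only the fields this check needs."""
    name: str
    is_ca: bool = False
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint, if present
    self_issued: bool = False

def path_len_ok(path, count_end_cert=False):
    """path: certificates after the trust anchor, end certificate last.

    count_end_cert=False: the last certificate is never charged against
    max_path_length (the behaviour the message describes for the draft).
    count_end_cert=True: a last certificate that is a CA is charged like an
    intermediate (hypothetical alternative reading, shown for contrast).
    """
    max_path_length = len(path)              # initial value: path length n
    for i, cert in enumerate(path):
        last = i == len(path) - 1
        if last and not (count_end_cert and cert.is_ca):
            break                            # wrap-up: no path length check
        if not cert.is_ca:
            return False                     # only a CA may issue the next cert
        if not cert.self_issued:
            if max_path_length <= 0:
                return False                 # constraint exhausted
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len  # tighten to this CA's constraint
    return True

# Constructed sample paths (trust anchor omitted).
SUB_CA = Cert("Sub CA", is_ca=True, path_len=0)
CA_AS_END = [SUB_CA, Cert("Issuing CA", is_ca=True)]        # end cert is a CA
USER_AS_END = [SUB_CA, Cert("user")]                        # end cert is not a CA
TOO_LONG = [SUB_CA, Cert("Issuing CA", is_ca=True), Cert("user")]

if __name__ == "__main__":
    for label, p in (("CA_AS_END", CA_AS_END), ("USER_AS_END", USER_AS_END),
                     ("TOO_LONG", TOO_LONG)):
        print(label, path_len_ok(p), path_len_ok(p, count_end_cert=True))
```

Only the path whose end certificate is a CA issued under pathLenConstraint 0 gets a different answer between the two readings, which is why the same test path can be read as a change rather than a clarification.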