
RFC3039bis last call ?





I probably missed the e-mail about an RFC3039bis last call, but since it is mentioned in the WG minutes that there will be a last call, and in case it is already going on, I would like to reiterate that the concerns I raised before the Minneapolis meeting are still valid.

In particular, I would like to insist again on two points:

RFC3039 states in the abstract:

This document forms a certificate profile for Qualified Certificates,
based on RFC 2459, for use in the Internet. The term Qualified
Certificate is used to describe a certificate with a certain
qualified status within applicable governing law.

RFC3039bis states in the abstract:

This document forms a certificate profile, based on RFC 3280, for
identity certificates issued to physical persons.

It is clear from the abstracts that the topics of the two documents are different and that the new draft should be renamed: Identity Certificates Profile.

As a consequence, this new draft is NOT a replacement for RFC 3039. One argument has been that ETSI needed changes to RFC 3039. There is no such requirement from ETSI.

Another major issue is that RFC3039bis states:

Key usage settings SHALL be set in accordance with RFC 3280 definitions.

We know that the key usage bit section of RFC 3280 is going to be changed. However, we still don't know what the new text will be. Discussions are going on within ISO SC6 both to redefine bit 0 in terms of the security services it may support (instead of saying “all security services except one security service”), and to rename bit 1. This means that referencing RFC 3280 is fine, except for the section on the key usage bits.

Qualified Certificates are to be used when a signer wants to commit to the content of a document, not when a signer wants to authenticate. As it is, the new draft would create confusion.

Denis