I have heard some folks say that we should have a successor to RFC 3280 (and 3279) and some folks say that we shouldn't. I'd like to raise this topic for discussion on the PKIX list to settle this matter. I believe that an update to RFC 3280 is necessary for two reasons. First, some minor problems have been found during implementation and deployment (mostly typos and clarifications). These should be fixed so that future implementors don't have to suffer through them. Second, we are almost ready for RFC 3280 to progress to Draft Standard status. In order to do this, it must be revised. So I believe that an update to RFC 3280 (and 3279) should be undertaken. HOWEVER, I think it is essential for us to limit the scope of this update. We should not add features to the spec or make substantial changes, especially changes that would break compatibility with RFC 3280. The scope of the update should be limited to "clarifying and correcting the document in light of implementation experience". That's my perspective on this important matter. I would like to hear other perspectives and opinions so that we can arrive at a rough working group consensus on this. Thanks, Steve P.S. I have a list of typos and clarifications that need to be fixed in the next version of RFC 3280. If we decide to proceed with a revision, I'll forward it to the editor and cc the PKIX list.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature