Hi Deb, Thanks for the quick reply! We have noted your approval on the AUTH48 status page for this document (https://www.rfc-editor.org/auth48/rfc9809).
Best regards, RFC Editor/rv > On Jun 27, 2025, at 2:37 PM, Deb Cooley <[email protected]> wrote: > > That change is fine by me, if it is fine with the authors. > > Deb > > On Fri, Jun 27, 2025 at 5:25 PM Rebecca VanRheenen > <[email protected]> wrote: > Hi Hendrik and AD*, > > Hendrik - Thank you for your reply! We have updated the document accordingly. > Please review the document carefully to ensure satisfaction as we do not make > changes once it has been published as an RFC. Contact us with any further > updates or with your approval of the document in its current form. We will > await approvals from each author prior to moving forward in the publication > process. > > *Deb - As AD, please review and approve the changes in the first paragraph of > Appendix B. The changes are best viewed in this diff file: > https://www.rfc-editor.org/authors/rfc9809-auth48diff.html. We’ve also > included the updated text here: > > Original: > Automation products connected to the > Internet would bear the so-called CE marking [CE-marking] to indicate > they comply. > > Current: > Automation products connected to the > Internet and sold in the EU after 2027 must bear the so-called “CE > marking" [CE-marking] to indicate they also comply with the EU-CRA. > > > — FILES (please refresh) — > > Updated XML file: > https://www.rfc-editor.org/authors/rfc9809.xml > > Updated output files: > https://www.rfc-editor.org/authors/rfc9809.txt > https://www.rfc-editor.org/authors/rfc9809.pdf > https://www.rfc-editor.org/authors/rfc9809.html > > Diff file showing all changes made during AUTH48: > https://www.rfc-editor.org/authors/rfc9809-auth48diff.html > https://www.rfc-editor.org/authors/rfc9809-auth48rfcdiff.html (side by > side) > > Diff files showing all changes: > https://www.rfc-editor.org/authors/rfc9809-diff.html > https://www.rfc-editor.org/authors/rfc9809-rfcdiff.html (side by side) > https://www.rfc-editor.org/authors/rfc9809-alt-diff.html (diff showing > changes where text is moved or deleted) > > For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9809 > > Thank you, > > RFC Editor/rv > > > > > On Jun 27, 2025, at 5:05 AM, Brockhaus, Hendrik > > <[email protected]> wrote: > > > > Dear RFC Editor > > > > Thank you for your review and all proposals. > > Please see our responses on you questions inline below. > > If you have any further questions, please let us know. > > > > Hendrik > > > >> -----Ursprüngliche Nachricht----- > >> Von: [email protected] <[email protected]> > >> Gesendet: Donnerstag, 26. Juni 2025 23:21 > >> An: Brockhaus, Hendrik (FT RPD CST SEA-DE) > >> <[email protected]>; Goltzsche, David (SMO RI R&D F SEC) > >> <[email protected]> > >> Cc: [email protected]; [email protected]; [email protected]; > >> [email protected]; [email protected]; [email protected] > >> Betreff: Re: AUTH48: RFC-to-be 9809 > >> <draft-ietf-lamps-automation-keyusages-08> for > >> your review > >> > >> Authors, > >> > >> While reviewing this document during AUTH48, please resolve (as necessary) > >> the > >> following questions, which are also in the XML file. > >> > >> > >> 1) <!-- [rfced] Should the document title be updated to use "X.509 > >> Certificate" > >> rather than "X.509" to align with the titles of RFCs 9509 and 9336? Or is > >> the current > >> okay? > >> > >> Original: > >> X.509 Extended Key Usage (EKU) for configuration, updates and safety- > >> communication > >> > >> Current: > >> X.509 Extended Key Usage (EKU) for Configuration, Updates, and Safety > >> Communication > >> > >> Perhaps: > >> X.509 Certificate Extended Key Usage (EKU) for Configuration, Updates, and > >> Safety > >> Communication > >> --> > > > > [HB] I like your proposal. > > > > Please also perform the following change to be consistent with the rest of > > the document. > > OLD: “Safety Communication” > > NEW: “Safety-Critical Communication” > > > > Please also perform this change in the title of Section 3 and in the second > > paragraph of Section 3. > > > >> > >> > >> 2) <!-- [rfced] Please clarify the text following "i.e.,". > >> > >> Original: > >> If the purpose of an issued certificate is not restricted, i.e., the > >> type of operations for which a public key contained in the > >> certificate can be used in unintended ways, the risk of cross- > >> application attacks is increased. > >> > >> Perhaps: > >> If the purpose of an issued certificate is not restricted (i.e., > >> the operations of the public key contained in the > >> certificate can be used in unintended ways), the risk of cross- > >> application attacks is increased. > >> --> > > > > [HB] I like your proposal > > > >> > >> > >> 3) <!-- [rfced] May we update this text to be list to improve readability? > >> > >> Original: > >> This specification defines the KeyPurposeIds id-kp-configSigning, id- > >> kp-trustAnchorConfigSigning, id-kp-updatePackageSigning, and id-kp- > >> safetyCommunication. These KeyPurposeIds are used, respectively, > >> for: signing general-purpose configuration files or trust anchor > >> configuration files, signing software or firmware update packages, or > >> authenticating communication peers for safety-critical communication. > >> > >> Perhaps: > >> This specification defines the following KeyPurposeIds: > >> > >> * id-kp-configSigning: Used for signing general-purpose configuration > >> files. > >> > >> * id-kp-trustAnchorConfigSigning: Used for signing trust anchor > >> configuration files. > >> > >> * id-kp-updatePackageSigning: Used for signing software or firmware > >> update packages. > >> > >> * id-kp-safetyCommunication: Used for authenticating communication peers > >> for safety-critical communication. > >> --> > > > > [HB] I like your proposal > > > >> > >> > >> 4) <!-- [rfced] Would you like the references to be alphabetized or left > >> in their current > >> order? > >> --> > > > > [HB] I would like to keep them as they are. > > > >> > >> > >> 5) <!-- [rfced] FYI - The URLs in the reference entries below do not work > >> (go to blank > >> page). We updated the URLs as follows. Please review. > >> > >> Original: > >> [X.680] ITU-T, "Information Technology - Abstract Syntax Notation > >> One (ASN.1): Specification of basic notation", ITU-T > >> Recommendation X.680 , February 2021, > >> > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.itu.int%252 > >> Frec%2FT- > >> REC.X.680&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff071 > >> 44ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6 > >> 38865696699011277%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=rfHEXu0qTsfyatOEsFni5sV9kHImV7r8FYdVq161zYo%3D& > >> reserved=0>. > >> > >> [X.690] ITU-T, "Information Technology - ASN.1 encoding rules: > >> Specification of Basic Encoding Rules (BER), Canonical > >> Encoding Rules (CER) and Distinguished Encoding Rules > >> (DER)", ITU-T Recommendation X.690 , February 2021, > >> > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.itu.int%252 > >> Frec%2FT- > >> REC.X.690&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff071 > >> 44ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6 > >> 38865696699042775%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=ZiF3MvcJrM1X9Nh87Ksgk6hJQtOjenU4ghBkl9C82s0%3D > >> &reserved=0>. > >> > >> Updated: > >> [X.680] ITU-T, "Information Technology - Abstract Syntax Notation > >> One (ASN.1): Specification of basic notation", ITU-T > >> Recommendation X.680, February 2021, > >> > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.itu.int%252 > >> Frec%2FT-REC-X.680-202102- > >> I%2Fen&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144e > >> d08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388 > >> 65696699059532%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl > >> YiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > >> %7C%7C%7C&sdata=iMFytMSMvGtYGEaTnnBaD5C9MBwqC12Sk1fDBOn3WQ4%3 > >> D&reserved=0>. > >> > >> [X.690] ITU-T, "Information Technology - ASN.1 encoding rules: > >> Specification of Basic Encoding Rules (BER), Canonical > >> Encoding Rules (CER) and Distinguished Encoding Rules > >> (DER)", ITU-T Recommendation X.690, February 2021, > >> > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.itu.int%252 > >> Frec%2FT-REC-X.690-202102- > >> I%2Fen&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144e > >> d08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388 > >> 65696699075948%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl > >> YiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > >> %7C%7C%7C&sdata=Y9jYYqbcWsbUdIlmpwpESe472x4BSIHEIWB%2FSw%2Fn4ts > >> %3D&reserved=0>. > >> --> > > > > [HB] Thank you for updating the URLs. > > > >> > >> > >> 6) <!-- [rfced] The URL in this reference entry directs to a page titled > >> "Cyber Resilience > >> Act". Should the title of this reference entry be updated accordingly (see > >> Perhaps 1 > >> below)? Or should the URL be updated to match a document with that title > >> (see > >> Perhaps 2 below)? > >> > >> Original: > >> [EU-CRA] European Commission, "Proposal for a REGULATION OF THE > >> EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal > >> cybersecurity requirements for products with digital > >> elements and amending Regulation (EU) 2019/1020", > >> September 2022, <https://digital- > >> strategy.ec.europa.eu/en/library/cyber-resilience-act>. > >> > >> Perhaps 1 (updated title): > >> [EU-CRA] European Union, "Cyber Resilience Act", > >> September 2022, <https://digital- > >> strategy.ec.europa.eu/en/library/cyber-resilience-act>. > >> > >> Perhaps 2 (updated URL): > >> [EU-CRA] European Commission, "Proposal for a REGULATION OF THE > >> EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal > >> cybersecurity requirements for products with digital > >> elements and amending Regulation (EU) 2019/1020", > >> September 2022, > >> <https://eur-/ > >> lex.europa.eu%2Flegal- > >> content%2FEN%2FTXT%2F%3Furi%3DCELEX%3A52022PC0454&data=05%7C02% > >> 7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C3 > >> 8ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638865696699091704%7CUnkn > >> own%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiO > >> iJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=sEkB > >> SVpUshm29KYdNS2HCBa3E%2B1fREyo%2B%2BcmrUwIz%2B0%3D&reserved=0>. > >> --> > > > > [HB] In the meantime the regulation is officially published. Therefore, I > > would like to update the Reference to the following: > > NEW: > > [EU-CRA] European Commission, "Regulation (EU) 2024/2847 of the > > European Parliament and of the Council of 23 October 2024 > > on horizontal cybersecurity requirements for products with > > digital elements and amending Regulations (EU) No 168/2013 > > and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber > > Resilience Act)", November 2024, > > https://eur-lex.europa.eu/eli/reg/2024/2847/oj. > > > >> > >> > >> 7) <!-- [rfced] The original title for the reference below is "Directive > >> (EU) > >> 2022/2555 of the European Parliament and of the Council", but the URL > >> directs to the > >> NIST CSRC's glossary entry for the term "safety". Based off the context > >> from the > >> document, we updated this reference entry title to "safety" to match the > >> content at the > >> URL. > >> > >> Original: > >> [NIST_Glossary] > >> NIST CSRC, "Directive (EU) 2022/2555 of the European > >> Parliament and of the Council", n.d., > >> > >> <https://csrc.nist.gov/ > >> %2Fglossary%2Fterm%2Fsafety&data=05%7C02%7Chendrik.brockhaus%40siemens > >> .com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d > >> 55a%7C1%7C0%7C638865696699107536%7CUnknown%7CTWFpbGZsb3d8eyJFbX > >> B0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIl > >> dUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=uyUrMC38tP0BkQshFx%2BEshHGm > >> VLtxgymcgXhhzR%2B4jo%3D&reserved=0>. > >> > >> Current: > >> [NIST_Glossary] > >> NIST CSRC, "safety", > >> > >> <https://csrc.nist.gov/ > >> %2Fglossary%2Fterm%2Fsafety&data=05%7C02%7Chendrik.brockhaus%40siemens > >> .com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d > >> 55a%7C1%7C0%7C638865696699127753%7CUnknown%7CTWFpbGZsb3d8eyJFbX > >> B0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIl > >> dUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dQBAXrN%2FT26bKrFMTdNENTMnz > >> sem60NvOV2hkZxMwwQ%3D&reserved=0>. > >> > >> However, please note that NIST provides the following guidance for citing > >> terms in > >> their glossary > >> (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcsrc.nist.gov%25 > >> 2Fglossary&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff071 > >> 44ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6 > >> 38865696699143977%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=9tavuwGcdOSXqZ7IIsd54TONfpGgzZDDgNwMqfPCRlg%3 > >> D&reserved=0): > >> > >> Cite the source publication, not this website. As our documents are > >> published and withdrawn, the terminology on these web pages will > >> change. When citing terms and definitions, we encourage you to cite > >> the source publication for the authoritative terminology and to > >> understand it in its proper context. Many terms on this website have > >> different definitions, from multiple publications. > >> > >> Based on this, would you like to cite NIST SP 800-160, which is listed as > >> the source > >> for the definition of "safety" in the NIST glossary, rather than citing > >> the glossary entry? > >> Or is citing the glossary okay in this context? > >> > >> https://nvlpubs.nist.go/ > >> v%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800- > >> 160v2r1.pdf&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff071 > >> 44ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6 > >> 38865696699159300%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=v1QTBvmBvA%2B7OxiCh9Cjo%2BkmAiLyRGbNDJEGYa > >> 21Z%2F0%3D&reserved=0 > >> --> > > > > [HB] Thank you for spotting my copy-paste error. > > If the NIST glossary should not be directly references, I would like to > > change this reference to > > NIST SP 800-160v1r1. Please update Section 2 accordingly. > > OLD: > > [NIST_Glossary] > > NIST CSRC, "safety", > > https://csrc.nist.gov/glossary/term/safety. > > NEW: > > [NIST.SP.800-160v1r1] > > Ron Ross, Mark Winstead, Michael McEvilley, and NIST, > > "Engineering Trustworthy Secure Systems", NIST Special > > Publications 800-160v1r1, DOI 10.6028/NIST.SP.160v1r1, 2022, > > https://doi.org/10.6028/NIST.SP.800-160v1r1 > > > >> > >> > >> 8) <!-- [rfced] FYI - We updated the date for this reference from > >> "December 2024" > >> to "November 2017" to match the date at the URL provided. > >> > >> Original: > >> [ISO.IEC.IEEE_12207] > >> ISO/IEC/IEEE, "Systems and software engineering - Software > >> life cycle processes", December 2024, > >> > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iso.org%25 > >> 2Fstandard%2F63712.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com > >> %7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a% > >> 7C1%7C0%7C638865696699175161%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1 > >> hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoy > >> fQ%3D%3D%7C0%7C%7C%7C&sdata=TJjSf4YlRe5b8M4Ad2an1azdbTJPPeregCQ1 > >> UkacLJc%3D&reserved=0>. > >> > >> Current: > >> [ISO.IEC.IEEE_12207] > >> ISO/IEC/IEEE, "Systems and software engineering - Software > >> life cycle processes", ISO/IEC/IEEE 12207:2017, November > >> 2017, > >> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iso.org%25 > >> 2Fstandard%2F63712.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com > >> %7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a% > >> 7C1%7C0%7C638865696699190349%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1 > >> hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoy > >> fQ%3D%3D%7C0%7C%7C%7C&sdata=BOe4%2BEOq2IX914Trja6IKW839l0JIcLX89 > >> Q%2BGuMcFKM%3D&reserved=0>. > >> --> > > > > [HB] Thank you > > > >> > >> > >> 9) <!-- [rfced] Please review "would bear" here. Should this be updated to > >> "bear" > >> or "should bear"? > >> > >> Original: > >> Automation products connected to the > >> Internet would bear the so-called CE marking [CE-marking] to indicate > >> they comply. > >> > >> Perhaps: > >> Automation products connected to the > >> Internet bear the so-called "CE marking" [CE-marking] to indicate > >> they comply. > >> > >> Or: > >> Automation products connected to the > >> Internet should bear the so-called "CE marking" [CE-marking] to indicate > >> they comply. > >> --> > > > > NEW: > > Automation products connected to the Internet and sold in the EU after > > 2027 must bear the so-called "CE marking" [CE-marking] to indicate they > > also comply with the EU-CRA. > > > >> > >> > >> 10) <!-- [rfced] How may we clarify "NIS2 Framework, Directive" here? > >> > >> Original: > >> Such regulation was announced in the 2020 EU > >> Cybersecurity Strategy [EU-STRATEGY], and complements other > >> legislation in this area, like the NIS2 Framework, Directive on > >> measures for a high common level of cybersecurity across the Union > >> [NIS2]. > >> > >> Perhaps: > >> Such regulation was announced in the 2020 EU > >> Cybersecurity Strategy [EU-STRATEGY] and complements other > >> legislation in this area, like the NIS2 Directive on > >> measures for a high common level of cybersecurity across the European > >> Union > >> [NIS2]. > >> --> > > > > [HB] I like your proposal. > > Maybe you also want to expand "NIS" to "network and information systems". > > > > NEW: > > Such regulation was announced in the 2020 EU > > Cybersecurity Strategy [EU-STRATEGY] and complements other > > legislation in this area, like the directive on measures for > > a high common level of cybersecurity of network and information > > systems (NIS) across the European Union [NIS2]. > > > >> > >> > >> 11) <!-- [rfced] Would you like to remove the titles of [IEC.62443-4-2] > >> and [IEC.62443- > >> 3-3] in this sentence to improve readability? Note that the titles appear > >> in the > >> reference entries. > >> > >> Original: > >> 2020 EU Cybersecurity Strategy [EU-STRATEGY] suggests to implement > >> and extend international standards such as the Security for > >> industrial automation and control systems - Part 4-2: Technical > >> security requirements for IACS components [IEC.62443-4-2] (IACS > >> refers to industrial automation and control system) and the > >> Industrial communication networks - Network and system security - > >> Part 3-3: System security requirements and security levels > >> [IEC.62443-3-3]. > >> > >> Perhaps: > >> The 2020 EU Cybersecurity Strategy [EU-STRATEGY] suggests implementing > >> and extending international standards such as > >> [IEC.62443-4-2] and [IEC.62443-3-3]. > >> --> > > > > [HB] That is fine with me. > > > >> > >> > >> 12) <!-- [rfced] The citations [ERJU] and [Directive-2016_797] do not > >> appear in the > >> direct quote. We have moved these to appear after the direct quote as > >> shown below. > >> Please review and let us know any concerns. > >> > >> Original: > >> A concrete example for automation is a Rail Automation system. The > >> Europe's Rail web page [ERJU-web] states: "The System Pillar [ERJU] > >> brings rail sector representatives under a single coordination body. > >> To achieve this, the System Pillar will deliver a unified operational > >> concept and a functional, safe and secure system architecture, with > >> due consideration of cyber-security aspects, focused on the European > >> railway network to which Directive 2016/797 [Directive-2016_797] > >> applies (i.e. the heavy rail network) as well as associated > >> specifications and/or standards." > >> > >> Perhaps: > >> A concrete example for automation is a rail automation system. The > >> Europe's Rail web page [ERJU-web] states: > >> > >> | The System Pillar brings rail sector representatives under > >> | a single coordination body. To achieve this, the System Pillar > >> | will deliver a unified operational concept and a functional, safe > >> | and secure system architecture, with due consideration of cyber- > >> | security aspects, focused on the European railway network to which > >> | Directive 2016/797 applies (i.e. the heavy > >> | rail network) as well as associated specifications and/or > >> | standards. > >> > >> See [Directive-2016_797]. For details about the System Pillar, see [ERJU]. > >> --> > > > > [HB] This looks much better. Thank you. > > > >> > >> > >> 13) <!-- [rfced] We updated two instances of <artwork> to <sourcecode> in > >> Section 4. > >> Should the "type" attribute be set to "asn.1" for these? Note that it is > >> also acceptable > >> to leave the "type" attribute not set. > >> > >> The current list of preferred values for "type" is available here: > >> https://www.rfc-/ > >> editor.org%2Frpc%2Fwiki%2Fdoku.php%3Fid%3Dsourcecode- > >> types&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144ed0 > >> 8ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C638865 > >> 696699205461%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYi > >> OiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0% > >> 7C%7C%7C&sdata=UoGQ9PYT2QqEj6DKK3cDT1seSdPjG2e57TmnWMdGpiE%3D& > >> reserved=0. If the list does not contain an applicable type, then feel > >> free to suggest a > >> new one. > >> --> > > > > [HB] I guess asn.1 is the best fit. > > > >> > >> > >> 14) <!-- [rfced] We see the following forms in the document. Should these > >> be uniform? > >> If so, please let us know which form is preferred. > >> > >> safety communication > >> safety-critical communication > >> > >> KeyUsage extension > >> Key Usage (KU) extension > >> --> > > > > [HB] This makes sense. Thank you. > > > >> > >> > >> 15) <!-- [rfced] Abbreviations > >> > >> a) We updated the expansion for "KeyPurposeIds" as follows per RFCs 9336 > >> and > >> 9509. Let us know any concerns. > >> > >> key purpose identifiers (KeyPurposeIds) > > > > [HB] Looks good. > > > >> > >> > >> b) How should "NIS2" be expanded? We do not see an expansion in [NIS2]. > >> > >> Original: > >> Such regulation was announced in the 2020 EU > >> Cybersecurity Strategy [EU-STRATEGY] and complements other > >> legislation in this area, like the NIS2 Framework, Directive on > >> measures for a high common level of cybersecurity across the Union > >> [NIS2]. > >> --> > > > > [HB] The expansion is I provides a proposal in 10) > > > >> > >> > >> 16) <!-- [rfced] Please review the "Inclusive Language" portion of the > >> online Style > >> Guide > >> <https://www.rfc-/ > >> editor.org%2Fstyleguide%2Fpart2%2F%23inclusive_language&data=05%7C02%7Che > >> ndrik.brockhaus%40siemens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3 > >> bcd95794fd4addab42e1495d55a%7C1%7C0%7C638865696699220423%7CUnknown > >> %7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJX > >> aW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=raJ3k%2 > >> F2h6CdQ7x7TCTrGaZA%2F%2BlRHahFg8ONqn%2B%2FFIcA%3D&reserved=0> > >> and let us know if any changes are needed. Updates of this nature > >> typically result in > >> more precise language, which is helpful for readers. > >> > >> Note that our script did not flag any words in particular, but this should > >> still be > >> reviewed as a best practice. > >> --> > > > > [HB] I did not spot any need for changes. > > > >> > >> > >> Thank you. > >> > >> RFC Editor/rv > >> > >> > >> On Jun 26, 2025, at 2:16 PM, [email protected] wrote: > >> > >> *****IMPORTANT***** > >> > >> Updated 2025/06/26 > >> > >> RFC Author(s): > >> -------------- > >> > >> Instructions for Completing AUTH48 > >> > >> Your document has now entered AUTH48. Once it has been reviewed and > >> approved by you and all coauthors, it will be published as an RFC. > >> If an author is no longer available, there are several remedies > >> available as listed in the FAQ > >> (https://www.rfc-/ > >> editor.org%2Ffaq%2F&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C5 > >> 1fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1% > >> 7C0%7C638865696699235935%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGki > >> OnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3 > >> D%3D%7C0%7C%7C%7C&sdata=EfJARXgGB3Pw4oc%2B%2F8tNreIrHCbmcTjx%2 > >> Fu7C1xFnX2c%3D&reserved=0). > >> > >> You and you coauthors are responsible for engaging other parties > >> (e.g., Contributors or Working Group) as necessary before providing > >> your approval. > >> > >> Planning your review > >> --------------------- > >> > >> Please review the following aspects of your document: > >> > >> * RFC Editor questions > >> > >> Please review and resolve any questions raised by the RFC Editor > >> that have been included in the XML file as comments marked as > >> follows: > >> > >> <!-- [rfced] ... --> > >> > >> These questions will also be sent in a subsequent email. > >> > >> * Changes submitted by coauthors > >> > >> Please ensure that you review any changes submitted by your > >> coauthors. We assume that if you do not speak up that you > >> agree to changes submitted by your coauthors. > >> > >> * Content > >> > >> Please review the full content of the document, as this cannot > >> change once the RFC is published. Please pay particular attention to: > >> - IANA considerations updates (if applicable) > >> - contact information > >> - references > >> > >> * Copyright notices and legends > >> > >> Please review the copyright notice and legends as defined in > >> RFC 5378 and the Trust Legal Provisions > >> (TLP – > >> https://trustee.ietf.org/ > >> %2Flicense- > >> info&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144ed08 > >> ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388656 > >> 96699250864%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOi > >> IwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C > >> %7C%7C&sdata=PcsccvewlztzzDwi4UGMnKdTgcDeP4uqvt1NE4ogFUo%3D&reserv > >> ed=0). > >> > >> * Semantic markup > >> > >> Please review the markup in the XML file to ensure that elements of > >> content are correctly tagged. For example, ensure that <sourcecode> > >> and <artwork> are set correctly. See details at > >> > >> <https://authors.ietf.or/ > >> g%2Frfcxml- > >> vocabulary&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff071 > >> 44ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6 > >> 38865696699266823%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=Gixeq8q2USPw%2F76LXiDtESLe4iYuFUO%2ForqqB4iCiL > >> s%3D&reserved=0>. > >> > >> * Formatted output > >> > >> Please review the PDF, HTML, and TXT files to ensure that the > >> formatted output, as generated from the markup in the XML file, is > >> reasonable. Please note that the TXT will have formatting > >> limitations compared to the PDF and HTML. > >> > >> > >> Submitting changes > >> ------------------ > >> > >> To submit changes, please reply to this email using ‘REPLY ALL’ as all > >> the parties CCed on this message need to see your changes. The parties > >> include: > >> > >> * your coauthors > >> > >> * [email protected] (the RPC team) > >> > >> * other document participants, depending on the stream (e.g., > >> IETF Stream participants are your working group chairs, the > >> responsible ADs, and the document shepherd). > >> > >> * [email protected], which is a new archival mailing list > >> to preserve AUTH48 conversations; it is not an active discussion > >> list: > >> > >> * More info: > >> > >> https://mailarchive.ietf/ > >> .org%2Farch%2Fmsg%2Fietf-announce%2Fyb6lpIGh- > >> 4Q9l2USxIAe6P8O4Zc&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C > >> 51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1 > >> %7C0%7C638865696699285346%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hc > >> GkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ > >> %3D%3D%7C0%7C%7C%7C&sdata=G2M0ABqCps4bIbcP1q7Z9HANhOH3sxwfdZ4j > >> AYnH5BY%3D&reserved=0 > >> > >> * The archive itself: > >> > >> https://mailarchive.ietf/ > >> .org%2Farch%2Fbrowse%2Fauth48archive%2F&data=05%7C02%7Chendrik.brockha > >> us%40siemens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4 > >> addab42e1495d55a%7C1%7C0%7C638865696699300810%7CUnknown%7CTWFpbG > >> Zsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkF > >> OIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=yWqUEZubJi1Uq28S > >> CIm132ySkp64HegOZQ6%2BoyWeZh8%3D&reserved=0 > >> > >> * Note: If only absolutely necessary, you may temporarily opt out > >> of the archiving of messages (e.g., to discuss a sensitive matter). > >> If needed, please add a note at the top of the message that you > >> have dropped the address. When the discussion is concluded, > >> [email protected] will be re-added to the CC list and > >> its addition will be noted at the top of the message. > >> > >> You may submit your changes in one of two ways: > >> > >> An update to the provided XML file > >> — OR — > >> An explicit list of changes in this format > >> > >> Section # (or indicate Global) > >> > >> OLD: > >> old text > >> > >> NEW: > >> new text > >> > >> You do not need to reply with both an updated XML file and an explicit > >> list of changes, as either form is sufficient. > >> > >> We will ask a stream manager to review and approve any changes that seem > >> beyond editorial in nature, e.g., addition of new text, deletion of text, > >> and technical changes. Information about stream managers can be found in > >> the FAQ. Editorial changes do not require approval from a stream manager. > >> > >> > >> Approving for publication > >> -------------------------- > >> > >> To approve your RFC for publication, please reply to this email stating > >> that you approve this RFC for publication. Please use ‘REPLY ALL’, > >> as all the parties CCed on this message need to see your approval. > >> > >> > >> Files > >> ----- > >> > >> The files are available here: > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809.xml&data=05%7C02%7Chendrik.brockhaus%40sie > >> mens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1 > >> 495d55a%7C1%7C0%7C638865696699316048%7CUnknown%7CTWFpbGZsb3d8eyJ > >> FbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpb > >> CIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FNL6NL%2BKUr5tVtvRNljea4oYd > >> Jf8NPq2dfBhSxaRc6w%3D&reserved=0 > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809.html&data=05%7C02%7Chendrik.brockhaus%40sie > >> mens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1 > >> 495d55a%7C1%7C0%7C638865696699331291%7CUnknown%7CTWFpbGZsb3d8eyJ > >> FbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpb > >> CIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Gsjdij38TzO5gr%2FcRd7KuVzest > >> u%2FBb49QdiM3OG58cs%3D&reserved=0 > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809.pdf&data=05%7C02%7Chendrik.brockhaus%40sie > >> mens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1 > >> 495d55a%7C1%7C0%7C638865696699346676%7CUnknown%7CTWFpbGZsb3d8eyJ > >> FbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpb > >> CIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=VTheZFhGWN60wI83tpBHbgv67a > >> JkOZL9cjFkGEAe1k8%3D&reserved=0 > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809.txt&data=05%7C02%7Chendrik.brockhaus%40siem > >> ens.com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e14 > >> 95d55a%7C1%7C0%7C638865696699362040%7CUnknown%7CTWFpbGZsb3d8eyJF > >> bXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbC > >> IsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=3MfUPfph9fce7aV5KzwOo%2BaU > >> D7He41eH3kHFRAi31hk%3D&reserved=0 > >> > >> Diff file of the text: > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809- > >> diff.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144e > >> d08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388 > >> 65696699376933%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl > >> YiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > >> %7C%7C%7C&sdata=W5XZI5FNg7WyiXGHtDrylVVDyDel3bfTkTGzoyjPhRg%3D&re > >> served=0 > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809- > >> rfcdiff.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff0714 > >> 4ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C63 > >> 8865696699391941%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWU > >> sIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7 > >> C0%7C%7C%7C&sdata=kl1HZI7GR73rZIFnK1JabBjwOz4PKvQGDyyH18YSgFY%3 > >> D&reserved=0 (side by side) > >> > >> Alt-diff of the text (allows you to more easily view changes > >> where text has been deleted or moved): > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809-alt- > >> diff.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07144e > >> d08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388 > >> 65696699406977%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl > >> YiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > >> %7C%7C%7C&sdata=6nuGrcSviyji1fRpCeSqTCdGay1jQLzfTqSOzq9roD4%3D&reser > >> ved=0 > >> > >> Diff of the XML: > >> https://www.rfc-/ > >> editor.org%2Fauthors%2Frfc9809- > >> xmldiff1.html&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7C51fb39ff07 > >> 144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C > >> 638865696699422302%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > >> UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > >> 7C0%7C%7C%7C&sdata=wmfUf5P2EWccMtKS3XCD4ddrTXP2hlc92QeC%2B98xX2 > >> k%3D&reserved=0 > >> > >> > >> Tracking progress > >> ----------------- > >> > >> The details of the AUTH48 status of your document are here: > >> https://www.rfc-/ > >> editor.org%2Fauth48%2Frfc9809&data=05%7C02%7Chendrik.brockhaus%40siemens > >> .com%7C51fb39ff07144ed08ed308ddb4f74bea%7C38ae3bcd95794fd4addab42e1495d > >> 55a%7C1%7C0%7C638865696699439899%7CUnknown%7CTWFpbGZsb3d8eyJFbX > >> B0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIl > >> dUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=HaP5V0n8Gr8NmfaQKGa1hzc56rQW > >> KUbJJuSh5%2Fdu7fc%3D&reserved=0 > >> > >> Please let us know if you have any questions. > >> > >> Thank you for your cooperation, > >> > >> RFC Editor > >> > >> -------------------------------------- > >> RFC9809 (draft-ietf-lamps-automation-keyusages-08) > >> > >> Title : X.509 Extended Key Usage (EKU) for configuration, > >> updates and safety- > >> communication > >> Author(s) : H. Brockhaus, D. Goltzsche > >> WG Chair(s) : Russ Housley, Tim Hollebeek > >> Area Director(s) : Deb Cooley, Paul Wouters > > > -- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
