On 02/07/13 02:05, David Mattes wrote:
Hi Samu,

I have reviewed the draft as well.  I just have a couple
questions/comments about Section 3.  Other than this I think this is
ready to move forward.

Section 3, Paragraph 1:
Why do you use normative MUSTs for the Issuer and Subject Alternative
Names?  Is it because these certificates would not otherwise have
Distinguished Names?  If you could add a sentence about the rationale
behind these MUSTs, that would be helpful.

These MUSTs should be SHOULDs in my opinion. Other fields can be used to convey the HITs, but the rationale for recommending IAN and SAN is that the information would always be in the same place.

It is not clear why I
might have the situation described in paragraph 1 versus paragraph 2.


HIP-aware PKI vs. not HIP-aware PKI

Section 3, Paragraph 3:
Can the MUST be changed to a SHOULD?  I ask because a remote peer may
be pre-configured with the CA chain, and it is therefore unnecessary to
send the intermediate CAs.

I agree this can be relaxed to SHOULD as it may be the case that it is unnecessary to include the whole chain.

BR,
Samu


Thank you,
David

_______________________________________________
Hipsec mailing list
https://www.ietf.org/mailman/listinfo/hipsec