On 9/16/2010 10:04 AM, Tim Bruijnzeels wrote:
> So, we can not legally issue a new resource certificate that says: "no resources". As far as I can tell this is perfectly legal to do under rfc3779: just don't include any "IPAddressFamily"; use a "SEQUENCE OF" with length 0.
True. Currently, draft-ietf-sidr-res-certs-18 leaves the loophole that even if an IP Resources extension is present, it can have length 0.
If we decide to disallow certs with no resources, we should eliminate this loophole by rewording the appropriate sentences in 4.9.10 and 4.9.11 to something like: "All Resource Certificates MUST include a non-empty IP Resources extension, a non-empty AS Resource extension, or both."
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
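The check discussed in the message above, as an added example that is not part of the original thread or of any RPKI validator: it takes the DER-encoded extension values of the RFC 3779 IP and AS extensions and applies the proposed "non-empty ... or both" rule. It assumes "non-empty" means at least one element inside the outer SEQUENCE; the function names and sample bytes are constructed for illustration.

```python
# Added example: enforce "at least one non-empty RFC 3779 extension".
# Inputs are the DER extension values (IPAddrBlocks / ASIdentifiers), or None if absent.

def read_tlv(buf, off):
    """Return (tag, value_bytes, next_offset) for the DER TLV starting at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def count_elements(ext):
    """Count top-level elements inside the outer SEQUENCE of an extension value."""
    tag, body, end = read_tlv(ext, 0)
    if tag != 0x30 or end != len(ext):
        raise ValueError("expected exactly one SEQUENCE")
    n, off = 0, 0
    while off < len(body):
        _, _, off = read_tlv(body, off)
        n += 1
    return n

def meets_proposed_rule(ip_ext=None, as_ext=None):
    """True if the IP extension, the AS extension, or both are present and non-empty."""
    ip_ok = ip_ext is not None and count_elements(ip_ext) > 0
    as_ok = as_ext is not None and count_elements(as_ext) > 0
    return ip_ok or as_ok

# Constructed samples (not taken from any real certificate):
EMPTY = bytes.fromhex("3000")                               # SEQUENCE of length 0
IPV4_10_8 = bytes.fromhex("300c300a0402000130040302000a")   # one IPv4 family, 10.0.0.0/8
AS_64496 = bytes.fromhex("3009a0073005020300fbf0")          # asnum [0] with AS 64496

if __name__ == "__main__":
    print(meets_proposed_rule(EMPTY, None))      # the loophole case
    print(meets_proposed_rule(IPV4_10_8, None))
```

An IPAddressFamily that uses `inherit` still counts as an element here, so this check rejects only the zero-length case the message describes.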
