Speaking as the representative of RPSTIR team, We are working on RPSTIR update in order to make it use the new algorithm to do INR validation.
Before RP performs the new validation process, it needs to get the INRs from certificates. And we found a bug of OPENSSL library when using OPENSSL to get resource sets from certificates, so we wrote our own code to do so. It seems to me that the only concern on OID is about using OPENSSL to get resource sets for further validation process. If the WG has decided to deprecate the original by using the Validation Reconsidered, why bother to bring a new OID ? Declan(Di) Ma ZDNS > 在 2017年3月13日,02:28,Chris Morrow <morr...@ops-netman.net> 写道: > > At Sat, 11 Mar 2017 17:25:27 -0500, > Rob Austein <s...@hactrn.net> wrote: >> >> At Thu, 9 Mar 2017 18:44:58 +0000, Alvaro Retana (aretana) wrote: >>> >>> I just finished reading this document. My review is predicated on >>> the assumption that the intent of the WG is to define an additional >>> validation process, and not amend/change/update/deprecate the >>> existing one?yet, which is why there are not only process changes >>> specified, but also new OIDs. >> >> Alvaro, >> >> I will let the WG chairs and authors speak to intent regarding the >> existing validation process. >> > > I think the intent of the WG is still to add the new validation > process, then deprecate the original once all users are on code which > supports the 'new' way. > > -chris > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
