Hiya, - The "extensions [TBD]" line on p17 needs fixing before IETF LC since that'd break/prevent interop.
- The [DSS] reference seems outdated, there's a version of fips 186 from 2009, I think you need to fix the reference text since the 1994 version is probably the wrong one at which to point. Best done now but can be done after IETF LC. - The poison extension: you say it has ASN.1 NULL data, but extensions have OCTET STRING syntax. Do you mean an ASN.1 NULL (0x05 0x00) is encoded as the value of the OCTET STRING or that the OCTET STRING has zero length? This can be fixed after IETF LC, or now, if you know what you're code does, but needs fixing. - Having a thing with basicConstraints.cA==false issue precerts seems wrong, but that may be better discussed during IETF LC so I'm not requesting a change now. So only the first need hold up IETF LC but the next two might be worth fixing since a -05 is needed anyway. Not sure about the last one, probably best to review during IETF LC. Cheers, S. _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey