I have reviewed the recent update, and I notice one inconsistency. Section 2 says:
In the absence of an application profile standard specifying otherwise, the maximum validity period is set to 7 days. Section 4.1.3 says: 1. Validate that DelegatedCredential.cred.valid_time is no more than 7 days. I think that Section 2 is trying to say that an application profile can make it even shorter than 7 days, but on my first reading I got the opposite. Russ > On Jan 24, 2021, at 6:03 PM, internet-dra...@ietf.org wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Layer Security WG of the IETF. > > Title : Delegated Credentials for TLS > Authors : Richard Barnes > Subodh Iyengar > Nick Sullivan > Eric Rescorla > Filename : draft-ietf-tls-subcerts-10.txt > Pages : 19 > Date : 2021-01-24 > > Abstract: > The organizational separation between the operator of a TLS endpoint > and the certification authority can create limitations. For example, > the lifetime of certificates, how they may be used, and the > algorithms they support are ultimately determined by the > certification authority. This document describes a mechanism by > which operators may delegate their own credentials for use in TLS, > without breaking compatibility with peers that do not support this > specification. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-subcerts-10 > https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-10 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls