> Hi Rick > > this is getting good now. However I think q6 is too complex > > 6) Does the product allow for the configuration of multiple > certificates > using different public key algorithms (RSA, DSA, ECC) but the same > Subject DN, > > could be answered yes or no > > and deliver the most appropriate certificate to each client based on > the client's capabilities as indicated in the ClientHello message? > could also be answered yes or no > > So what if a user has yes for the first half and no for the second > half, > or vice versa? > > Maybe best to split into two questions. Same goes for q7.
David, I worded it this way because this is exactly what Apache supports and IE does not. If I broke it up into two questions, and someone answered yes for the first one, and no for the second one, they'd need to explain why they allow multiple certs with the same DN in the first place. I think that we need to encourage every survey responder to feel free to elaborate on any answer, even if it's a simple yes/no question. Would that help? > Other minor comments below: > > Q8, Q14, and Q17a) and Q20b) and Q22a) add (tick all that apply) OK, but do you mind if I say "check" instead of "tick"? ;^) I think that's a Britishism. > Q9 d. other add Please specify. Done > Q17b. What answer are you looking for? If its the numbers 1 to 9 in the > order of support, then state this (in brackets). Done > Q20 c. and d. are a bit vague. What answers are you looking for? Adam Langley from Google has indicated that not all CRLs are included in Chrome's CRL Set. I was looking for clarity on which ones a CA and/or relying party can expect to be included or not included. -Rick _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
