Hello,
I will do a top to bottom review tomorrow when I am fresh, and return my
revisions in XML format. I wanted to specifically comment about two of the
issues listed below. Please see my comments inline.
On Mon, Feb 3, 2025 at 5:21 PM <rfc-edi...@rfc-editor.org> wrote:
> Rohan,
>
> While reviewing this document during AUTH48, please resolve (as necessary)
> the following questions, which are also in the XML file.
>
> 1) <!--[rfced] We note a small discrepancy between the ASN.1 snippet in
> Section 3 and the ASN.1 in Appendix A: the { character at the end
> of the "id-kp" line in Section 3 is on the following line in the
> Appendix. Please review and let us know if/how to make these
> consistent. Might it be possible to simply point the reader to
> Appendix A instead of repeating the code?
>
> Original (Section 3):
> id-kp OBJECT IDENTIFIER ::= {
> iso(1) identified-organization(3) dod(6) internet(1)
> security(5) mechanisms(5) pkix(7) kp(3) }
>
> id-kp-imUri OBJECT IDENTIFIER ::= { id-kp TBD1 }
>
> Original (Appendix A):
> id-kp OBJECT IDENTIFIER ::=
> { iso(1) identified-organization(3) dod(6) internet(1)
> security(5) mechanisms(5) pkix(7) kp(3) }
>
>
> id-kp-imUri OBJECT IDENTIFIER ::= { id-kp TBD1 }
>
> -->
>
I followed the formatting conventions of other similar registrations,
including RFC9509, which is the most recent registration of an Extended Key
Purpose. It also places the opening curly brace in a different location in
the textual definition than it does in the MIB. I would tend to keep the
status quo unless there is consensus otherwise from the chairs and ADs.
> 2) <!--[rfced] Might it be beneficial to the reader to replace "This"
> with the antecedent? If so, we will also use the necessary <tt>
> marking in the xml.
>
> Original:
> This extended key purpose does not introduce new security risks but
> instead reduces existing security risks by providing means to identify
> if the certificate is generated to sign IM identity credentials.
>
> Perhaps:
> The KeyPurposeId id-kp-imUri does not introduce new security risks;
> instead, it reduces existing security risks by providing means to
> identify if the certificate is generated to sign IM identity
> credentials.
>
> -->
>
In my copy of the XML, I replaced the beginning of the sentence with:
"The <tt>id-kp-imUri</tt> Extended Key Purpose does not introduce"... as it
is the Extended Key Purpose, not its identifier, that has security
properties and characteristics.
(I accepted the other suggestions, which are already in my copy of the XML.)
Many thanks,
-rohan
--
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org
