As a box for comments was still available, I answered to two closed
issues. So I wonder if they have been seen.
The comments on these two closed issues are:
a) *The term Issuer SHOULD NOT be used to refer to an entity acting "for
all three roles #220*
I am still not convinced that the role of a "Status Provider" needs
to be considered as separate from the role of the "Status Issuer".
In RFC 5280, the role of the "CRL issuer" is recognized, but the
role for a "CRL Provider" does not exist.
As CRLs and Status List Tokens are similar, I don't see for which
reason we should introduce the role of a "Status Provider".
I noticed that only one "distribution point" (uri) is being used,
but a "CRL issuer" can use several "distribution points".
Why should it be different for a "Status Issuer" ?
See detailed comments at :
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/220
*b) **Adds an EKU based X.509 certificate extension #246*
Instead of using the Key Usage extension (Section 4.2.1. from RFC
5280) as initially proposed, it has been noticed that the current
proposal
is to use the Extended Key Usage Extension (Section 4.2.1.12 from
RFC 5280).
See detailed comments at:
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/246
Denis
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
