I believe it is inappropriate and wildly out of scope for an oauth document to define X.509 extensions, which IIUC is needed in order to define the Status Claim for X.509? The important thing to make sure is that the document does not preclude a future X.509 extension being drafted (wherever its appropriate place may be) that makes use of the status list, and that already appears to be the case.
S pozdravem, *Filip Skokan* On Fri, 7 Feb 2025 at 14:57, Christian Bormann <chris.bormann= 40gmx...@dmarc.ietf.org> wrote: > Hi all, > > > > While going through the feedback and issues on github, there was one > bigger discussion point that we would like to bring to the mailing list. > Steffen Schwalm asked for support for X.509 Certificate revocation with the > Status List - in that case the Status List describing the status of an > X.509 Certificate (relevant issue > https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243). > That would mean defining an extension to X.509 to embed the relevant > information for a Status List (URI and index) and creating validation rules > etc. > > > > While we understand the general motivation as is discussed in more detail > in the issue, it would be somewhat of a change of scope for the Status List > draft. We felt it might be out of scope of the OAuth Working Group and > rather in scope of other working groups like lamps? Any comments/opinions > would be appreciated! > > > > Best Regards, > > Christian Bormann > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
