There were 3 draft-ietf-regext-verificationcode items brought up by Gurshabad
Grover that I captured from the REGEXT Meeting:
1. Clarifying that it’s up to server policy to define the server action
taken when the verification code grace period expires
* I re-reviewed draft-ietf-regext-verificationcode, and it does not
include any language related to the action taken by the server when the
verification code grace period expires. I believe this can be addressed by
adding the following sentence in the Verification Profile section (section 2.2)
of the draft:
i. “…the
grace period by which the verification code types MUST be set. It is up to
server policy what action to take if the verification code type is not set by
the grace period.”
1. Ensure that the VSP does not modify the data verified after the
verification code is generated
* I’m still not clear what the issue is here, since the role of the VSP
is to perform the verification and to generate the verification code when the
verification has been successfully completed. The
draft-ietf-regext-verificationcode does not define the interface used by the
VSP and does not define the policies of how the verification is performed.
* Gurshabad, can you share your issue on the list to help clarify how
the draft would address it?
2. Include a HRPC section in draft-ietf-regext-verificationcode
* This is being discussed actively on the list, but at present I believe
that we can address the feedback without adding a new section to the document.
If the IESG changes the default structure of the document to add a new section,
then it can certainly be added.
Let me know if I missed anything and share your feedback on the list for the
items above.
Thanks,
—
JG
[cid:image001.png@01D255E2.EB933A30]
James Gould
Distinguished Engineer
jgo...@verisign.com
703-948-3271
12061 Bluemont Way
Reston, VA 20190
Verisign.com<http://verisigninc.com/>
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
