I concur with Filip's perspective.
On Wed, Feb 26, 2025, 4:21 PM Filip Skokan wrote:
> I believe it is inappropriate and wildly out of scope for an oauth
> document to define X.509 extensions, which IIUC is needed in order to
> define the Status Claim for X.509? The important thing to make sure
I'd like to request about 15 minutes to discuss Transaction Tokens.
On Fri, Feb 21, 2025 at 11:57 AM Michael Jones
wrote:
> I request 20 minutes to discuss draft-ietf-oauth-rfc7523bis. Either
> session would be fine.
>
>
>
> Thanks
X.509 already has its own revocation infrastructure (in fact, more than one
kind!). We needn’t complicate this spec to add another one for X.509.
-- Mike
From: Brian Campbell
Sent: Wednesday, February 26, 2025 4:46 PM
To: Filip Sk
I believe it is inappropriate and wildly out of scope for an oauth document
to define X.509 extensions, which IIUC is needed in order to define
the Status Claim for X.509? The important thing to make sure is that the
document does not preclude a future X.509 extension being drafted (wherever
its ap
(chair hat off)
Hi Filip, Hi all,
this sounds like feature creep to me. I brought this work on status
lists to the attention of the IETF LAMPS group, and there was zero
interest from the PKI community in this type of solution. The PKIX
community already has a wide range of established solutio
