> On May 23, 2022, at 12:33, Martin Duke via Datatracker <nore...@ietf.org> wrote:
>
> Martin Duke has entered the following ballot position for
> draft-ietf-tls-subcerts-14: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> A question to remedy my ignorance of ASN.1:
>
> How customary is it for the final standard to use an ASN.1 codepoint from
> Cloudflare's private namespace? In other contexts I would expect change control
> to lie with a more public institution.
>
> Put another way, what would happen if Cloudflare were purchased by EvilCorp one
> day?

I believe the WG did discuss switching the OID to the PKIX arc, but an OID is like your age - it’s just a number. Once assigned, nobody can really take it back. As far as common, it happens - I am hesitant to say all the time, but it is not uncommon. There are OIDs for modules, extensions, and algorithms out of company arcs and gov’t arcs. E.g.,

Digest algorithms: SHA* -> Gov’t
x25519, x448, Ed25519, Ed448 (RFC 8410) -> Thawte arc.
TAMP (RFC 5934) -> Gov’t Arc.

I am sure there are more.

spt