Roman Danyliw has entered the following ballot position for draft-ietf-tls-subcerts-14: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 4

   Endpoints will reject delegated credentials that expire more than 7
   days from the current time (as described in Section 4.1) based on the
   default (see Section 3.

For clarity, consider:

NEW
   By default, unless set to an alternative value by an application
   profile (see Section 3), endpoints will reject delegated credentials
   that expire more than 7 days from the current time (as described in
   Section 4.1.3).

** Section 7.1

   However, they cannot create new delegated credentials. Thus,
   delegated credentials should not be used to send a delegation to an
   untrusted party, ...

The second sentence doesn’t seem to follow from the first.

** Appendix B

   The following certificate has the Delegated Credentials OID.

For clarity, consider:

NEW
   The following is an example of a delegation certificate which
   satisfies the requirements described in Section 4.2 (i.e., uses the
   DelegationUsage extension and has the digitalSignature KeyUsage).

** Appendix B. I will leave it to the RFC Editor to decide if using Watson Ladd’s personal home page (kc2kdm.com) in the certificate SAN is an acceptable example domain name.

Editorial Nits

** Abstract. Typo. s/to to/to/

** Section 4.2. Typo. s/documnt/document/

** Section 7.6. In the spirit of inclusive language, consider if there is an alternative term to “man-in-the-middle certificate”

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls