Hi,

I think this is important work. RFC 7925 is a very useful document. While 
working on 

https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04
https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00

I deep dived into the certificate profiles specified in Section 4.4 of RFC 
7925. As far as I can see draft-tschofenig-uta-tls13-profile does not mandate 
any X.509 profile at all. I assume it should? I suggest that 
draft-tschofenig-uta-tls13-profile-03 mandates the certificate profile in RFC 
7925. I also have some comments on how the profile could be improved.

- An ASN.1 schema for the X.509 would be extremely beneficial. See e.g. the 
incomplete ASN.1 schema in Appendix B of draft-raza-ace-cbor-certificates-04
- Is the encoding of EUI-64 as an X.509 text string specified somewhere? In that 
case a reference would be good. Otherwise the encoding should be specified.
- Is pathLenConstraint mandatory to support? In that case, is there any 
minimum length that is mandatory to support?
- For BasicConstraints, the profile states that the only two valid options are 
"Present and true", and "Absent and therefore false". For the bool critical for 
all expansions, both "Present and false" and "Absent and therefore false" seem 
to be valid. Is this intentional?

Cheers,
John
