Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Clearance Attribute and Authority Clearance Constraints Certificate Extension
draft-ietf-pkix-authorityclearanceconstraints-03

Yes

(Tim Polk)

No Objection

(Adrian Farrel)

(Alexey Melnikov)

(Cullen Jennings)

(Dan Romascanu)

(Jari Arkko)

(Lars Eggert)

(Lisa Dusseault)

(Magnus Westerlund)

(Pasi Eronen)

(Ralph Droms)

(Ron Bonica)

(Ross Callon)

(Russ Housley)

Note: This ballot was opened for revision 03 and is now closed.

Tim Polk Former IESG member

Yes

Yes () Unknown

Adrian Farrel Former IESG member

(was Discuss) No Objection

No Objection (2009-11-17) Unknown

Section 7 says:

   The algorithm described in here has the idempotency, associative, and 
   commutative properties, like the rest of the processing rules in this 
   document.      

I am not sure that all of the processing rules in the document are 
idempotent, associative, and commutative. Maybe best to drop the final
clause?

---

Appendix
I don't object, but...
   This appendix provides the normative ASN.1 definitions for 
   the structures described in this specification using ASN.1 as defined 
   in X.680. 
If the material is normative, perhaps it should be moved into the main
body of the document.

---

Appendix

   -- The following is a '02 version for clearance. 

Do we really need this in the RFC? I assume this is from the -02 
revision of the I-D.

---

Nit

Section 1
Since [RFC3281bis] does not permit chain of ACs,
s/chain/ chain/

Alexey Melnikov Former IESG member

No Objection

No Objection () Unknown

Cullen Jennings Former IESG member

No Objection

No Objection () Unknown

Dan Romascanu Former IESG member

(was Discuss) No Objection

No Objection () Unknown

Jari Arkko Former IESG member

No Objection

No Objection () Unknown

Lars Eggert Former IESG member

No Objection

No Objection () Unknown

Lisa Dusseault Former IESG member

No Objection

No Objection () Unknown

Magnus Westerlund Former IESG member

No Objection

No Objection () Unknown

Pasi Eronen Former IESG member

No Objection

No Objection (2009-11-17) Unknown

Section 5.1: there are potentially two certification paths of interest
when using ACs (one for the AA, another for the end-entity); it would
be helpful if the text said "certification path for the AA" whenever
it talks about paths here.

Section 9: "If there is no Clearance associated with a TA, it means
that the TA has not been assigned any clearance." Should this be
"..., it means the TA is not constrained"?

Ralph Droms Former IESG member

No Objection

No Objection () Unknown

Ron Bonica Former IESG member

No Objection

No Objection () Unknown

Ross Callon Former IESG member

No Objection

No Objection () Unknown

Russ Housley Former IESG member

No Objection

No Objection () Unknown

Clearance Attribute and Authority Clearance Constraints Certificate Extension draft-ietf-pkix-authorityclearanceconstraints-03

Clearance Attribute and Authority Clearance Constraints Certificate Extension
draft-ietf-pkix-authorityclearanceconstraints-03