Internet X.509 Public Key Infrastructure Repository Locator Service
RFC 4386

Note: This ballot was opened for revision 04 and is now closed.

(Harald Alvestrand) Discuss

Discuss (2005-02-11 for -)
Note: This document asked for experimental publication. It should not be that hard to get an experiment off the ground. But it doesn't say anything about what its success criteria are.

I've dropped the comment about the _LDAP and so on labels; it turns out that we are continuing down a road beaten by IMPP. But still:

If choosing among protocols is by sequentially probing all combinations, that should be stated. The example only shows a single protocol.
Comment (2005-02-11 for -)
No email
send info
Reviewed by Michael Patton for GEN-ART. Review at:

(Russ Housley) Yes

(Steven Bellovin) No Objection

Comment (2004-02-18 for -)
No email
send info
Nit:  the document uses example.test.  It should be or test.example or some such, per RFC 2606.

(Brian Carpenter) No Objection

Comment (2005-05-01 for -)
No email
send info
I'm clearing Harald's DISCUSS due to my incompetence on DNS issues, and a desire not to 2nd guess the WG, but the Internet ADs need to look.

There are some editorial issues:

OCSP is mentioned but isn't a very well known acronym. It would be
appropriate to give an informative reference for it (and for LDAP and
HTTP for consistency).

The references aren't separated between Normative and Informative, and
aren't cited with [...].

The boilerplate is out of date (and the new boilerplate will be
enforced as of May 6th).

(Ned Freed) No Objection

(Ted Hardie) (was Discuss) No Objection

Comment (2004-02-18)
No email
send info

 "the knowledge information necessary to identify" should probably either
be "the knowledge" or "the information".

(Scott Hollenbeck) No Objection

Comment (2004-03-17 for -)
No email
send info
The references should be formatted as described in the ID nits document, and cited appropriately within the document.

Section 2: character values are sometimes hard to determine depending on the application used to view the text.  Suggest replacing '"_" character' with '"_" character (value 0x005F)' to be clear about the prepend character used in the RR.

(David Kessens) No Objection

(Allison Mankin) (was Discuss) No Objection

Comment (2004-03-18)
No email
send info
SMB pointed out that certificates are verifiable, and therefore DNSSEC is
not needed, by contrast with our usual SRV-located resources.  Therefore I've
cleared my Discuss.

(Jon Peterson) No Objection

(Bert Wijnen) No Objection

(Alex Zinin) No Objection