Storing Certificates in the Domain Name System (DNS)
RFC 4398

Note: This ballot was opened for revision 09 and is now closed.

(Margaret Cullen) Yes

(Brian Carpenter) No Objection

Comment (2005-10-13 for -)
(From Gen-ART review by John Loughney)

One question, on the top of page 3:

   ... Note that two different keys
   may have the same key tag.  However, the key must always be
   transformed to the format it would have as the public key portion of
   a DNSKEY RR before the key tag is computed.  

Just curious about the lower-case may and must here - should they use
RFC 2119 terminology ...?
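
The quoted passage, as an added example that is not part of the ballot or of RFC 4398: the key tag algorithm from RFC 4034 Appendix B, run over DNSKEY-format RDATA to show two different keys sharing a tag, and why the tag only narrows the candidate set before a full comparison. The key bytes, record names and the `candidates` helper are constructed for illustration.

```python
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B, computed over DNSKEY RDATA.

    Not valid for algorithm 1 (RSA/MD5), which uses a different rule.
    """
    acc = 0
    for i, byte in enumerate(rdata):
        # Even-indexed octets are the high byte of each 16-bit word.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """Lay a key out as DNSKEY RDATA: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

# Constructed key material (not real keys). KEY_B swaps two high-order
# octets of KEY_A, so the 16-bit sums match while the keys differ.
KEY_A = bytes.fromhex("0102030405060708")
KEY_B = bytes.fromhex("0502030401060708")
KEY_C = bytes.fromhex("1111111111111111")

STORED = {
    "a": dnskey_rdata(256, 3, 8, KEY_A),
    "b": dnskey_rdata(256, 3, 8, KEY_B),
    "c": dnskey_rdata(256, 3, 8, KEY_C),
}

def candidates(target: bytes, stored: dict) -> tuple:
    """Use the tag as a cheap prefilter, then confirm with a full comparison."""
    tag = key_tag(target)
    same_tag = [name for name, rdata in stored.items() if key_tag(rdata) == tag]
    exact = [name for name in same_tag if stored[name] == target]
    return same_tag, exact

if __name__ == "__main__":
    for name, rdata in STORED.items():
        print(name, key_tag(rdata))
    print(candidates(STORED["a"], STORED))
```

A tag match is a hint, not an identity check: records "a" and "b" survive the prefilter, and only the byte-for-byte comparison separates them.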

(Bill Fenner) No Objection

Comment (2005-10-12 for -)
Ignorant question: are there other uses that put keys into the DNS with a direct email->DNS translation of @->.?  It seems like this would introduce potential conflicts with actual host names, e.g., I want to put my X.509 key into DNS so I use fenner.research.att.com; if I then try to register my machine via DHCP + Dynamic DNS, my update is denied because it gives a prerequisite such as "prereq nxdomain fenner.research.att.com" (sorry for the BIND-specific wording) and the prereq can't be satisfied.

(I realize this is a bis document, so perhaps it's too late to have this concern anyway.)

(Sam Hartman) No Objection

(Scott Hollenbeck) (was Discuss) No Objection

(Russ Housley) No Objection

Comment (2005-10-12 for -)
  Please change "IPSEC" to "IPsec" throughout the document.

  Please add a reference to section 9 in the Introduction.

  Personally, I would like to see values assigned for Attribute
  Certificates (see RFC 3281), but I am not going to block the
  document for them to be added.

(David Kessens) No Objection

(Allison Mankin) No Objection

Comment (2005-10-13 for -)
I suggest adding to Section 2.1 a note that the values in the table are initial values for
an IANA registry, and point to the IANA Considerations.

For history's sake, it would be good to add to the changes since RFC2538:  creation of the
IANA registry of the Certificate Type Values.

(Jon Peterson) No Objection

(Mark Townsley) No Objection

(Bert Wijnen) No Objection

(Alex Zinin) No Objection

(Ted Hardie) Abstain