Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 4630
Yes
No Objection
Recuse
Note: This ballot was opened for revision 03 and is now closed.
Lars Eggert No Objection
(Sam Hartman; former steering group member) (was Discuss, Yes) Yes
(Bill Fenner; former steering group member) No Objection
(Brian Carpenter; former steering group member) No Objection
(actually picked up by David Black's Gen-ART review of the previous draft) This sentence in section 5 lacks a verb: | When the subjectAltName extension contains a DN in the directoryName, | the same encoding preference as in 4.1.2.4.
(Cullen Jennings; former steering group member) No Objection
I am concerned about how the visual comparisons of names security problem will be solved. I would be supportive of text that pointed out the problem and did not try to provide a solution. I would change to a discuss if we put in text that required anyone to implement something that is a research problem.
(Dan Romascanu; former steering group member) No Objection
(Jari Arkko; former steering group member) No Objection
(Jon Peterson; former steering group member) No Objection
(Lisa Dusseault; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
The security consideration section seems very strange: The replacement text is much clearer. The direction is much less prone to implementation error. Also, the use of consistent encoding for name components will ensure that name constraints work as expected. As a minimal it seems to be lacking a reference to the base line in RFC 3280 that it tries to change. But also the statement that this should be more secure is not really clear on what aspects and why. I expect this to be fixed when taking care of the Discuss about the similar looking names.
(Mark Townsley; former steering group member) No Objection
(Ross Callon; former steering group member) No Objection
(Ted Hardie; former steering group member) No Objection
(Russ Housley; former steering group member) Recuse