Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, pkix mailing list <email@example.com>, pkix chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' to Proposed Standard (draft-ietf-pkix-rfc5280-clarifications-11.txt)

The IESG has approved the following document:

- 'Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' (draft-ietf-pkix-rfc5280-clarifications-11.txt) as Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-pkix-rfc5280-clarifications/
Technical Summary

Since the publication of RFC 5280 in May of 2008, several areas have been identified where the document was not clear, thus motivating a "clarifications" update. Experience with CA use of the Certificate Policies extension motivated a change to allow (MAY) use of BMPString. The DANE WG requested that PKIX make an explicit (positive) statement about self-signed certificates that are not marked as CA certificates. PKIX published an informational RFC (5937) and a standards track RFC (5914) related to trust anchor formats and constraints processing by a relying party; this document updates RFC 5280 to point to these documents. Experience with IDNs motivated a minor update to align the details of how such names are processed. The Security Considerations section was updated to reflect experience with attacks against CAs. This document addresses all of these issues.

Working Group Summary

Most of the clarifications in this document were not contentious, except for the self-signed certificate text. Numerous revisions were required to develop text that was acceptable to the WG. The original document editor was replaced as part of this process. He elected to no longer be listed as an author, but he is thanked in the Acknowledgements section.

Document Quality

This is a very small document and is well written. Most of the clarifications are motivated by experience with existing implementations of CA or RP software. There is no need for a MIB doctor review, there are no Media Types, etc.

Personnel

Steve Kent is the Document Shepherd, and Sean Turner the Responsible Area Director.