Re: [sidr] Validation reconsidered and X.509v3 extension OIDs

Stephen Kent <kent@bbn.com> Wed, 20 July 2016 14:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/hf9fERvxTKVuzbFSpuEDb0AxGm4>

Rob,

I agree with your suggestion to create a new OID for this purpose. This 
can be noted in the document under discussion.

I also agree with Russ's comment that the cert policy needs to be
updated to reflect the fact that use of either OID is OK (if we stick with
one policy OID).

Steve