[Trans] Bad Technical Decision: Closing out the SCT encoding discussion

[Russ Housley <housley@vigilsec.com>]

Stephen:

I strongly disagree with this technical decision.  The content of certificate extensions should be OCTET STRING wrapped ASN.1 structures, and I pointed out the text in RFC 2459 (that remains in RFC 5280) during this discussion.  I am quite concerned with (4) listed below.  I hope you will revisit this decision.

Please treat this as the first step in the appeal of this technical decision.

Russ


On Mar 12, 2015, at 11:21 PM, Melinda Shore wrote:

> Hi, all:
> 
> We've been banging away on the SCT encoding issue for a year,
> and we really must close it out.  Paul and I have been doing due
> diligence on the issue in the background.  We made a concerted effort
> to find technical problems with the current text that would exclude the
> possibility of allowing it in the -bis document.  Here's what we found:
> 
> 1) The proposed encoding does not violate the letter of any
>   specification that we can find,
> 2) Peter Gutmann said that it's not a good idea but it isn't
>   incorrect,
> 3) We checked with the authors of several widely-used pieces of
>   certificate processing software and in every case that person
>   said that the proposed encoding would not cause problems with
>   their code, and
> 4) We verified that the IETF security ADs would not reject the
>   encoding during IESG review
> 
> Basically, in a nutshell, where we've landed is that while the current
> encoding probably isn't the best idea ever, it doesn't violate any
> specification that anybody could identify and it doesn't appear to
> break anything.  So, it's going to stand.  We will not be revisiting
> this issue unless new information is presented.  This includes
> discussion at the upcoming meeting in Dallas.
> 
> Thanks,
> 
> Melinda and Paul
> 
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans