Forums » #65 - Grid Certificate Profile »
Quick public comment
Added by Jens Jensen about 9 years ago
I know I am a coauthor but sometimes you just need to leave a little time and then read it again. Comments below.
--jens
Section 1, p.3: note that this document may contradict RFC5280, in
which case this document SHOULD take precedence.
Section 2.4: there is a difference between the table in the section
which says key identifiers are "advised" but 2.4.7 says MUST. Suggest
fixing the table. See also footnote 18.
3.3.1. It is correct that "@" can be encoded in IA5String, but you
cannot use IA5String as an encoding for CN, O, etc., so you will have
to use UTF-8, if you are foolish enough to want to include this. This
point needs fixing.
3.3.3. Again, you cannot use IA5String for commonName.
Do we really want to call the hyphen wildcard a design "flaw"? Maybe
"legacy feature" would be more PC.
3.3.4. I would recommend splitting DC into its own subsection, and
cover C, ST, L, et al. in this section. The difference being that
IA5String is RECOMMENDED for DC, and the others MUST be either
printableString or UTF-8. Otherwise the section could be misread.
Footnote 30: Firefox 1.5 and IE6 are not really modern browsers.
Footnote 31: printableString is only a subset of IA5 in the sense of
the characters it can encode, not in terms of the encoding. Their use
is distinct.
Footnote 54: the successor to RFC3280 is RFC5280...?!
4.2. "...are equivalent..." -> "...are considered equivalent..." ??
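
The string-type points raised for 3.3.1, 3.3.3 and 3.3.4 above can be checked mechanically on a DER-encoded name. The following is an added example, not part of the original post or of the profile document: it walks a Name and flags IA5String in CN or O, a non-IA5String DC, and PrintableString values containing characters such as "@". The helper names and the sample names are constructed for illustration, and only short-form DER lengths are handled.

```python
import re

UTF8, PRINTABLE, IA5 = 0x0C, 0x13, 0x16   # ASN.1 universal string tags
TAGS = {UTF8: "UTF8String", PRINTABLE: "PrintableString", IA5: "IA5String"}
OIDS = {"550403": "CN", "55040a": "O", "0992268993f22c640119": "DC"}  # OID content, hex
PRINTABLE_CHARS = re.compile(rb"[A-Za-z0-9 '()+,\-./:=?]*")

def tlv(tag, content):
    """Encode one DER TLV; short-form length is enough for the samples."""
    if len(content) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos):
    """Decode the TLV at pos and return (tag, content, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length > 127 or end > len(buf):
        raise ValueError("long-form length or truncated TLV")
    return tag, buf[pos + 2:end], end

def make_rdn(attr, tag, text):
    """Build a single-valued RDN: SET { SEQUENCE { OID, string } }."""
    oid = bytes.fromhex(next(k for k, v in OIDS.items() if v == attr))
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(tag, text.encode())))

def check_name(der):
    """Walk Name -> RDN -> AttributeTypeAndValue; list encoding problems."""
    _, rdns, _ = read_tlv(der, 0)
    problems, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)
        apos = 0
        while apos < len(rdn):
            _, atv, apos = read_tlv(rdn, apos)
            _, oid, vpos = read_tlv(atv, 0)
            vtag, value, _ = read_tlv(atv, vpos)
            attr, kind = OIDS.get(oid.hex(), oid.hex()), TAGS.get(vtag, hex(vtag))
            if attr == "DC" and vtag != IA5:
                problems.append(f"DC: {kind} used, IA5String recommended")
            elif attr in ("CN", "O") and vtag not in (UTF8, PRINTABLE):
                problems.append(f"{attr}: {kind} is not a DirectoryString type")
            elif vtag == PRINTABLE and not PRINTABLE_CHARS.fullmatch(value):
                problems.append(f"{attr}: character outside PrintableString")
    return problems

# Constructed sample names (not taken from the document under review)
GOOD = tlv(0x30, make_rdn("DC", IA5, "example") + make_rdn("CN", UTF8, "user@example.org"))
BAD = tlv(0x30, make_rdn("CN", IA5, "user@example.org") + make_rdn("O", PRINTABLE, "a@b"))
```

`check_name(GOOD)` returns an empty list, while `check_name(BAD)` reports both the IA5String commonName and the "@" inside a PrintableString.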