Document Details - IPNNI-2021-00085R000.docx
| Document Details | |
| Name |  IPNNI-2021-00085R000.docx (783K) |
| Revision | 0 |
| Description | Updates to the certificate profile defined in draft ATIS-1000080.v004: 1. Strengths the serial number requirements to match CAB Forums requirements. 2. Requires that only the BasicConstraints and Key Usage extensions be marked as critical. 3. Requires the Subject Key Identifier extension be generated securely instead of just recommending it. 4. Removes the recently added text indicating the CRL Distribution Point extension is included in intermediate certificates. This should only be used in SCA certificates, not STI intermediate certificates. 5. Removes the recently added text indicating the CRL Distribution Point extension shall include the cRLIssuer field. The Issuer DN of the CRL is not known nor is it necessarily static. It can still be included in SCA certificates. 6. Requires intermediate certificates to use the anyPolicy OID in the policy extension instead of the CP OID. If the CP OID is used, then the intermediate certificate must be replaced every time there is a new CP published. 7. Disallows the TNAuthList extension in STI root and intermediate certificates. The SCA certificate can still include the TNAuthList extension because it is not an STI intermediate certificate. 8. Disallows TNs or TN ranges in the TNAuthList extension of STI end-entity certificates. TNs or TN ranges can still be used in the TNAuthList extension of delegate certificates because they are not STI end entity certificates. 9. Removes the requirement that PASSporTs signed with end entity certificates must be supported by SHAKEN-complaint authentication services. 10. General clarity improvements. It seems like some of the changes to draft ATIS-1000080.v004 were made in order to support delegated certificates. I believe the text as modified still allows for delegated certificates. SCA certificates are not STI intermediate certificates and delegate certificates are not STI end entity certificates. |
| Document State | Contribution ((e.g., text to progress Issues)) |
| Group / Folder | ATIS/SIP Forum IP-NNI Task Force / IPNNI / 2021 |
| Submitter | By Alec Fenichel on Tuesday, 13 July 2021 01:48pm |
| Modified | By Alec Fenichel on Friday, 16 July 2021 01:10am |
| Technical Contact | None Selected |
| Public URL | https://access.atis.org/apps/group_public/document.php?document_id=60399&wg_abbrev=ipnni |
| Document Revisions | |||||
| Name | # | State | Submitter | Date | Action |
2 |
Contribution |
Alec Fenichel |
2021-07-16 |
||
1 |
Contribution |
Alec Fenichel |
2021-07-14 |
||
0 |
Contribution |
Alec Fenichel |
2021-07-13 |
This doc |
|