[auth48] Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 for your review

[David von Oheimb via auth48archive]

In the latest proposal you just sent, the middle sentence (apparently 
originating from Quynh)
still reads pretty clumsy and kind to overlaps with the first sentence.
How about this?

The CertTemplate structure allows entities requesting a certificate

to specify the data fields that they want to be included. Typically, 
they are required to provide at least the publicKey field.

A CertTemplate structure is identical to a TBSCertificate structure (see 
[RFC 5280])

but with all fields optional/situational.


    David



On 11.07.25 16:30, John Gray wrote:
I think there is a problem with the rephrasing.  This new proposal 
seems to have an incomplete sentence, and using "wish to get included" 
seems kind of jarring to me.  The phrase "want to be included" would 
be better, I think.

The sentence "The publicKey field is typically required to provide." 
is not complete...

The last sentence is fine

The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they wish to get included.
The publicKey field is typically required to provide. A
CertTemplate structure is identical to a TBSCertificate structure (see 
[RFC 5280])
but with all fields optional/situational.

If you really want to further rephrase it, the following works. I 
think the comment from Quynh wanted to mention data fields and that is 
why publicKey is mentioned, so how about the following:

The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they want to be included.
The structure also allows an end entity or RA to include any other
necessary data, such as the publicKey field, when it is required for 
the certificate.
A CertTemplate structure is identical to a TBSCertificate structure 
(see [RFC 5280])
but with all fields optional/situational.

Cheers,

John Gray

------------------------------------------------------------------------
*From:* Brockhaus, Hendrik <hendrik.brockh...@siemens.com>
*Sent:* Friday, July 11, 2025 2:42 AM
*To:* David von Oheimb 
<David.von.Oheimb=40siemens....@dmarc.ietf.org>; Alanna Paloma 
<apal...@staff.rfc-editor.org>; John Gray <john.g...@entrust.com>
*Cc:* debcool...@gmail.com <debcool...@gmail.com>; Mike Ounsworth 
<mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org 
<rfc-edi...@rfc-editor.org>; lamps-...@ietf.org <lamps-...@ietf.org>; 
lamps-cha...@ietf.org <lamps-cha...@ietf.org>; hous...@vigilsec.com 
<hous...@vigilsec.com>; auth48archive@rfc-editor.org 
<auth48archive@rfc-editor.org>
*Subject:* AW: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 
<draft-ietf-lamps-rfc4210bis-18> for your review

*WARNING: This email originated outside of Entrust.*
DO NOT CLICK links or attachments unless you trust the sender and know 
the content is safe.

I like this rephrasing.

Hendrik

*Von:* David von Oheimb <David.von.Oheimb=40siemens....@dmarc.ietf.org>
*Gesendet:* Freitag, 11. Juli 2025 08:40
*An:* Alanna Paloma <apal...@staff.rfc-editor.org>; John Gray 
<john.g...@entrust.com>
*Cc:* debcool...@gmail.com; Brockhaus, Hendrik (FT RPD CST SEA-DE) 
<hendrik.brockh...@siemens.com>; Mike Ounsworth 
<mike.ounswo...@entrust.com>; rfc-edi...@rfc-editor.org; 
lamps-...@ietf.org; lamps-cha...@ietf.org; hous...@vigilsec.com; 
auth48archive@rfc-editor.org
*Betreff:* Re: [EXTERNAL] [AD] Re: AUTH48: RFC-to-be 9810 
<draft-ietf-lamps-rfc4210bis-18> for your review

Hi Alanna et al.,

I suggest streamlining part of the below mentioned paragraph on the 
CertTemplate structure,
as follows.

  The CertTemplate structure allows entities requesting a certificate
to specify the data fields that they wish to get included.
The publicKey field is typically required to provide. A
CertTemplate structure is identical to a TBSCertificate structure (see 
[RFC 5280])
but with all fields optional/situational.

Regards,

    David

On 10.07.25 21:05, Alanna Paloma wrote:

    Hi John,

    Thank you for your reply.

        I'm okay with the suggested updated text (I agree it is much
        clearer), however there is a typo in it 🙂

        It should be "when it is" instead of "when t is"

          The CertTemplate structure allows an end entity or RA to
        specify as many

        data fields as the structure wishes for the requested
        certificate. The

        structure also allows an end entity or RA to include any other
        necessary data,

        such as the publicKey field, when it is required for the
        certificate. A

        CertTemplate structure is identical to a TBSCertificate
        structure (see [RFC 5280])

        but with all fields optional/situational.

    Thanks for spotting this! We have updated the text accordingly.

/Any email and files/attachments transmitted with it are intended 
solely for the use of the individual or entity to whom they are 
addressed. If this message has been sent to you in error, you must not 
copy, distribute or disclose of the information it contains. _Please 
notify Entrust immediately and delete the message from your system._/
-- 
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org