Re: Evaluation: draft-ietf-pkix-wlan-extns - Certificate Extensions and Attributes Supporting

[Russ Housley <housley@vigilsec.com>]

Margaret:

> (1) If I understand correctly, the list of SSIDs that a particular 
> certificate applies to will be passed around in the certificate itself... 
> The security considerations section does say (one way or the other) 
> whether this information would be sensitive in any way. Should I presume 
> that it isn't?
Some security experts recommend that the SSID be masked in the beacon sent 
out by the Access Point (AP).  They believe that this makes it harder for 
an attacker to find the correct AP to target.  However, there is other 
traffic that includes the SSID, so this practice really only makes it a 
pain for the legitimate users.  The point that was trying to be made here 
is that placing the SSID in the certificate does not make matters worse.

> (2) The IANA considerations section says that this document defines OIDs 
> from the IANA-owned space. How do we make sure that we don't have 
> conflicts in those assignments?
The PKIX working group was given a chunk of the OID space.  A single person 
(me) manages that space on behalf of the working group.  This has been the 
practice since the PKIX working group was formed.

Russ