Attendees


John Moehrke
Brett Peterson
Beau
Umesh
Greg Meyer

Document Review


Started from where we left off last time

Certificate Chaining


Update to state the signatures MUST include the complete cert chain

On discovery, 3 options:

  1. Store intermediate certs locally
  2. Use one of the RFC cert extension methods to discover certs
  3. Use the same discovery method you use (DNS, LDAP, etc.)

Certificate Trust


Section is fine.

Would like to find a normative reference

Private Key


Need to update terminology to always refer to private key

Message Wrapping


Update to state: if you do message wrapping, here's how to do it.

Update conformance section to document agreement of the S&T WG

Process Outgoing


CHange NHIND to more neutral language.

Process Incoming


Decrypt then verify that you are holding a multipart/signed message with a valid signature.

Actions


Arien to do a second pass on the spec, then open up for a sub-group call for consensus, prior to full WG call for consensus.