anima-wg / voucher

Other
0 stars 3 forks source link

why is only serial-number mandatory #44

Open mcr opened 1 year ago

mcr commented 1 year ago
> 21) Preamble: Section 6.1: To confirm, this tree seems to suggest that
> a voucher consists of a mandatory serial number and a bunch of optional
> parameters.  All of them are optional and they can occur in any
> combination.

> 22) Actually, I don't think this is quite correct, as there are some
> interdependencies.  Specifically, you indicate later that you cannot 
> have both a nonce and an expires-on.  Why did not choose to represent
> this via an optional choice?  (It would be preferrable to indicate it
> that way - clearer structure, less context dependencies, easier edit
> configurations (should that ever be necessary), etc.)
mcr commented 1 year ago
> 23) From your descriptions of the data nodes, it seems that there are
> other interdependencies.   For example, what is the relationship
> between "pinned-domain-cert", "pinned-domain-pubk",
> "pinned-domain-pubk-sha256"?  If they are alternatives, again, I would
> put them in a choice.  If there are some other data nodes that should
> be present with one of the alternatives, but not others
> (e.g. "comain-cert-revocation-checks"?), those should be included as
> part of the choice.  Are there any other such interdependencies?