abierman
commented
1 week ago I do not see why both permit and deny are needed in this case. What happens for a value in neither list?
This is related to #80 and #107
This sub-statement is applicable if the restriction is applied to every server implementation.
A shorthand form instead of a complex must/when expression would be much easier to use
Must Do: complexity: medium, bc: high, importance: high
lllyfeng
the current identity-ref type only have base statements to indicate the identites dervied from base identity can be acceptable values. But it's not enough. For example, If an identity-ref' base is iana-interface-type, but ddnX25 which is dervied from iana-interface-type is not allowed. How to express it? So, I suggest add 'permit'/'deny' statements to base statement. Like this: type identity-ref {
base iana:iana-interface-type { permit xxxx; deny xxxx; } }