Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

[Miika Komu <miika.komu at hiit.fi>]

Samu Varjonen wrote:

Hi,

> Hi,
>
> This is the new version of the HIP certificates.
>
> Modifications include:
> - Editorial changes according to the discussions on the mailing list.
> - Added new types for DN and LDAP URL
> - Added signaling discussion and reference to the heer-hip-service-00

nice work!

> Open questions:
>
> 1. Should signaling be defined specifically for hip-cert?
>
> Seems like overlapping work because hip-service already defines a 
> generic way to signal the requirements and failures but it is individual 
> submission.

I think the certificate draft should be an independent of other 
extension mechanisms. So, the signaling should be handled in the service 
draft.

> 2. Should hip-service be adopted as WG item and handled in bundle with
>   hip-cert?
>
> Because the signaling is needed for the hosts to signal the need for a 
> certificate or for a chain of certificates. But referencing hip-service 
> cannot be done unless its taken forward at the same pace.

I believe the service draft would be valuable as a working group item.

> 3. Or should the hip-cert be more generic?
>
> Then hip-cert would be about just the parameter and the signaling of 
> requirements and failures would be left to other documents such as 
> hip-service to handle (but which would progress on its own pace).

I think the draft is quite fine as it is now.

> 4. Gathering use case scenarios and adding examples to the draft?

No, let's keep it generic.

> 5. Add new examples?

Not really needed.

> If something seems to be missing or off. Please, inform me.

The draft has been there for some while, maybe it should go to last call 
as soon as possible. At least the original dead line seems to have 
passed already:

http://www.ietf.org/dyn/wg/charter/hip-charter.html

Jul 2009	  	Submit Certs in HIP base exchange specification to the IESG

> Comments are welcome as usual.
>
> BR,
> Samu Varjonen
>
> Internet-Drafts at ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts 
> > directories.
> > This draft is a work item of the Host Identity Protocol Working Group 
> > of the IETF.
> >
> >
> >     Title           : HIP Certificates
> >     Author(s)       : T. Heer, S. Varjonen
> >     Filename        : draft-ietf-hip-cert-02.txt
> >     Pages           : 10
> >     Date            : 2009-10-26
> >
> > This document specifies a certificate parameter called CERT for the
> > Host Identity Protocol (HIP).  The CERT parameter is a container for
> > X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI)
> > certificates.  It is used for carrying these certificates in HIP
> > control packets.  Additionally, this document specifies the
> > representations of Host Identity Tags in X.509.v3 and in SPKI
> > certificates.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-hip-cert-02.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Hipsec mailing list
> > Hipsec at ietf.org
> > https://www.ietf.org/mailman/listinfo/hipsec
>
> _______________________________________________
> Hipsec mailing list
> Hipsec at ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec