[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

To: "'Samu Varjonen'" <samu.varjonen at hiit.fi>
Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
From: "Mattes, David" <david.mattes at boeing.com>
Date: Mon, 26 Oct 2009 12:11:44 -0700
Accept-language: en-US
Acceptlanguage: en-US
Cc: "hipsec at ietf.org" <hipsec at ietf.org>
Delivered-to: hipsec at core3.amsl.com
In-reply-to: <4AE588A9.2010105 at hiit.fi>
List-archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-help: <mailto:hipsec-request@ietf.org?subject=help>
List-id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-post: <mailto:hipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
References: <20091026103001.EED8F3A687C at core3.amsl.com> <4AE588A9.2010105 at hiit.fi>
Thread-index: AcpWL4Kx3jC46wozQIy1yjyao900RgAPz0HQ
Thread-topic: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

Hi Samu,

Quick work!  Thank you!

I still have an issue with Sections 3 and 4, with the statement:
   "HITs need to be enclosed within the certificates, when using X.509.v3
   certificates to transmit information related to HIP hosts."

Why is this necessary?  Can you either elaborate in the draft, or change "need to" to "can"?

Editorial nit:
Section 2, Last paragraph, Sentence 2: s/LDAP URL/DN


Now I need to read the signaling draft!

Thank you,
David

> -----Original Message-----
> From: hipsec-bounces at ietf.org [mailto:hipsec-bounces at ietf.org] On Behalf
> Of Samu Varjonen
> Sent: Monday, October 26, 2009 4:32 AM
> Cc: hipsec at ietf.org
> Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
> 
> Hi,
> 
> This is the new version of the HIP certificates.
> 
> Modifications include:
> - Editorial changes according to the discussions on the mailing list.
> - Added new types for DN and LDAP URL
> - Added signaling discussion and reference to the heer-hip-service-00
> 
> Open questions:
> 
> 1. Should signaling be defined specifically for hip-cert?
> 
> Seems like overlapping work because hip-service already defines a
> generic way to signal the requirements and failures but it is individual
> submission.
> 
> 2. Should hip-service be adopted as WG item and handled in bundle with
>    hip-cert?
> 
> Because the signaling is needed for the hosts to signal the need for a
> certificate or for a chain of certificates. But referencing hip-service
> cannot be done unless its taken forward at the same pace.
> 
> 3. Or should the hip-cert be more generic?
> 
> Then hip-cert would be about just the parameter and the signaling of
> requirements and failures would be left to other documents such as
> hip-service to handle (but which would progress on its own pace).
> 
> 4. Gathering use case scenarios and adding examples to the draft?
> 
> 5. Add new examples?
> 
> If something seems to be missing or off. Please, inform me.
> 
> Comments are welcome as usual.
> 
> BR,
> Samu Varjonen
> 
> Internet-Drafts at ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > This draft is a work item of the Host Identity Protocol Working Group of
> the IETF.
> >
> >
> > 	Title           : HIP Certificates
> > 	Author(s)       : T. Heer, S. Varjonen
> > 	Filename        : draft-ietf-hip-cert-02.txt
> > 	Pages           : 10
> > 	Date            : 2009-10-26
> >
> > This document specifies a certificate parameter called CERT for the
> > Host Identity Protocol (HIP).  The CERT parameter is a container for
> > X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI)
> > certificates.  It is used for carrying these certificates in HIP
> > control packets.  Additionally, this document specifies the
> > representations of Host Identity Tags in X.509.v3 and in SPKI
> > certificates.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-hip-cert-02.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > Below is the data which will enable a MIME compliant mail reader
> > implementation to automatically retrieve the ASCII version of the
> > Internet-Draft.
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Hipsec mailing list
> > Hipsec at ietf.org
> > https://www.ietf.org/mailman/listinfo/hipsec
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec at ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec

Follow-Ups:
- Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
  - From: Samu Varjonen

References:
- [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
  - From: Internet-Drafts
- Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
  - From: Samu Varjonen

Prev by Date: Re: [Hipsec] I-D Action:draft-ietf-hip-bone-03.txt
Next by Date: [Hipsec] I-D ACTION:draft-ietf-hip-hiccups-00.txt
Previous by thread: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
Next by thread: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
Index(es):
- Date
- Thread