[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

Mattes, David kirjoitti:

Hi Samu,

Quick work!  Thank you!

I still have an issue with Sections 3 and 4, with the statement:
   "HITs need to be enclosed within the certificates, when using X.509.v3
   certificates to transmit information related to HIP hosts."

Why is this necessary?  Can you either elaborate in the draft, or change "need to" to "can"?
It can be changed to "can". Altough, the HIT will be there for most cases, but not all. 



Editorial nit:
Section 2, Last paragraph, Sentence 2: s/LDAP URL/DN



OK



Now I need to read the signaling draft!

Thank you,
David


-----Original Message-----
From: hipsec-bounces at ietf.org [mailto:hipsec-bounces at ietf.org] On Behalf
Of Samu Varjonen
Sent: Monday, October 26, 2009 4:32 AM
Cc: hipsec at ietf.org
Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

Hi,

This is the new version of the HIP certificates.

Modifications include:
- Editorial changes according to the discussions on the mailing list.
- Added new types for DN and LDAP URL
- Added signaling discussion and reference to the heer-hip-service-00

Open questions:

1. Should signaling be defined specifically for hip-cert?

Seems like overlapping work because hip-service already defines a
generic way to signal the requirements and failures but it is individual
submission.

2. Should hip-service be adopted as WG item and handled in bundle with
   hip-cert?

Because the signaling is needed for the hosts to signal the need for a
certificate or for a chain of certificates. But referencing hip-service
cannot be done unless its taken forward at the same pace.

3. Or should the hip-cert be more generic?

Then hip-cert would be about just the parameter and the signaling of
requirements and failures would be left to other documents such as
hip-service to handle (but which would progress on its own pace).

4. Gathering use case scenarios and adding examples to the draft?

5. Add new examples?

If something seems to be missing or off. Please, inform me.

Comments are welcome as usual.

BR,
Samu Varjonen

Internet-Drafts at ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts

directories.

This draft is a work item of the Host Identity Protocol Working Group of

the IETF.


	Title           : HIP Certificates
	Author(s)       : T. Heer, S. Varjonen
	Filename        : draft-ietf-hip-cert-02.txt
	Pages           : 10
	Date            : 2009-10-26

This document specifies a certificate parameter called CERT for the
Host Identity Protocol (HIP).  The CERT parameter is a container for
X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI)
certificates.  It is used for carrying these certificates in HIP
control packets.  Additionally, this document specifies the
representations of Host Identity Tags in X.509.v3 and in SPKI
certificates.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-hip-cert-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.


------------------------------------------------------------------------

_______________________________________________
Hipsec mailing list
Hipsec at ietf.org
https://www.ietf.org/mailman/listinfo/hipsec

_______________________________________________
Hipsec mailing list
Hipsec at ietf.org
https://www.ietf.org/mailman/listinfo/hipsec



--
BR,
Samu

"Programmer is an organism that changes caffeine into code"