Re: [sidr] CP comments
Hi Steve,
Thanks for reviewing my concerns.
Appears I must have skipped a paragraph in reading.
Thanks
Terry
On 5/11/09 7:03 AM, "Stephen Kent" <kent at bbn.com> wrote:
> Terry,
>
> In a message on 10/28 you said:
>
>> * Section 4.6.1-3 I'd like it made clear that renewal be only to the same
>> subscriber. e.g. the subscriber before and after renewal is the same. At
>> present it says that only the valid subscriber may request renewal, but
>> allows a new private key. I think there is too much wriggle room in that for
>> a subscriber to renew with someone else's private key.
>
>
> I reviewed the CP text and I think this is clear.
>
> Specifically 4.6.2 says: "Only the certificate holder or the issuing
> CA may initiate the renewal process."
>
> And 4.6.3 says: "Renewal procedures must ensure that the person or
> organization seeking to renew a certificate is in fact the subscriber
> (or authorized by the subscriber) of the certificate and the legitimate
> holder of the INR associated with the renewed certificate."
>
> I think these two text sections already address the issue you raised.
>
> Steve
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.