[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements

To: Dan York <dyork at voxeo.com>, 'Dan Wing' <dwing at cisco.com>, IETF SIP List <sip at ietf.org>
Subject: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
From: Richard Barnes <rbarnes at bbn.com>
Date: Fri, 02 May 2008 17:11:22 -0400
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <EB382A4A-0F6C-46BA-BF7A-2E2C3BAE7F89@voxeo.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <036701c8a3dc$b0779a20$c2f0200a@cisco.com> <DDD632E2-1EE2-4023-98AD-20A02BF673C7@voxeo.com> <481B14BA.8000803@bbn.com> <EB382A4A-0F6C-46BA-BF7A-2E2C3BAE7F89@voxeo.com>
Sender: sip-bounces at ietf.org
User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

> DY> I guess I could see the possibility of a "protocol" being created 
> where it was mandated that the endpoints had to do a check of a cert 
> against central public CAs.  That's not what I think we want.   Perhaps 
> I am using a wider definition of a "protocol" than you are.

Ah, that gives me an idea.  What you're trying to rule out is a protocol 
that says "You MUST only accept a cert that chains to an issuer X" 
(where X=Verisign, for example).  What this requirement is really saying 
is that the protocol needs to stay out of the way of the policy.

So how about this for a requirement:

R-CERTS:
The media security key management protocol MUST NOT constrain the set of 
certificates that can be used as trust anchors in certificate verification.


--RB

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
  - From: Richard Barnes

References:
- [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
  - From: Dan Wing
- Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
  - From: Dan York
- Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
  - From: Richard Barnes
- Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
  - From: Dan York

Prev by Date: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
Next by Date: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
Previous by thread: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
Next by thread: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
Index(es):
- Date
- Thread