Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
Works for me. Thanks for the wording!
I will publish -05 shortly, which will include this revised wording for
R-CERTS.
-d
> -----Original Message-----
> From: Richard Barnes [mailto:rbarnes at bbn.com]
> Sent: Friday, May 02, 2008 2:17 PM
> To: Dan York; 'Dan Wing'; IETF SIP List
> Subject: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
>
> Oops, minor revision to please the cert police (who will notice that
> trust anchors are not certificates).
>
> R-CERTS:
> The media security key management protocol MUST NOT constrain the set of
> trust anchors that a peer can use to validate certificates used in the
> protocol.
>
> --RB
>
>
>
> Richard Barnes wrote:
> >> DY> I guess I could see the possibility of a "protocol" being created
> >> where it was mandated that the endpoints had to do a check of a cert
> >> against central public CAs. That's not what I think we want. Perhaps
> >> I am using a wider definition of a "protocol" than you are.
> >
> > Ah, that gives me an idea. What you're trying to rule out is a protocol
> > that says "You MUST only accept a cert that chains to an issuer X"
> > (where X=Verisign, for example). What this requirement is really saying
> > is that the protocol needs to stay out of the way of the policy.
> >
> > So how about this for a requirement:
> >
> > R-CERTS:
> > The media security key management protocol MUST NOT constrain the set of
> > certificates that can be used as trust anchors in certificate verification.
> >
> >
> > --RB
> >
> > _______________________________________________
> > Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol
> > Use sip-implementors at cs.columbia.edu for questions on current sip
> > Use sipping at ietf.org for new developments on the application of sip
> >
> >
>