[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sip] updates to draft-ietf-sip-certs

To: IETF SIP List <sip at ietf.org>
Subject: [Sip] updates to draft-ietf-sip-certs
From: Jason Fischl <jason.fischl at gmail.com>
Date: Tue, 8 Sep 2009 21:43:05 -0700
Cc: sip-chairs at ietf.org
Delivered-to: sip at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; bh=QoFKPZoS3Twf7RozruZggpDnhP8O7PdZ2+6eoVEZFTM=; b=JdKbyQzMellUUgCWjzdESBaR1ourXtb5xhBX4pvl/ctUygHuoZ6HUVSlHxJdh/o+of f06IG+GZg6iCPf+FXAO+henziN36bLrtJtOLlIAGs3G77BfJqjtLZ+/kbjRU2z2Oeasd ZtyllU7PwewAOmQXeVYjSqcCj7nIk7Bw2xz5Q=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; b=eVZQCo3LsMeAhpFozcj4Zx/+frI4/BtUCRdeGYVMfSuEFgEgNpnqa6zc7MgtaSVFHF A6AdSu1mfP452cnozk1smyV/QcmcpnP688DGCLmKXZRXcU1OoA1Li+J8h/AJT+VFSKhn KTtYL8InJlBsHTqEPmjWNYWQJt2X7ycINVJsM=
List-archive: <http://www.ietf.org/mail-archive/web/sip>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>

Based on a Gen-ART review, I've updated the document. Thanks to Suresh
Krishnan for the review. Most of these changes were in
draft-ietf-sip-certs-08.

http://www.ietf.org/id/draft-ietf-sip-certs-09.txt.

* Section 3 deployment scenario 3
> How is the password phrase conveyed to the UA if the credential server
> generates the credentials?
>

The text was a bit confusing as it describes two different scenarios.
I think it should really only be describing the scenario where there
is no pass phrase and the credential server itself generates the
credentials.  Modified the text to be:

3.  Deployments where the credential server generates and stores the
certificates
     and private keys. Deployments such as these may not
     use password phrases. Consequently, the private keys are not
     encrypted inside the PKCS#8 objects.  This style of deployment
     would often have the credential server, instead of the devices,
     create the credentials.

>
> * Section 7.9
>
> I think it needs to be mentioned here that the initial publish will not
> contain a SIP-If-Match header as there is no previous etag. If a
> SIP-If-Match header is required even for an initial request, the example in
> section 8.2 needs to be updated.

Good catch. This particular mechanism didn't make sense and wasn't
consistent with RFC 3903.

>
> * Section 9.1
>
> This section does not cover the relationship between the subscription
> duration and the certificate cache duration. It would be nice if you can add
> some text here to say that the UA MUST NOT cache the certificates for a
> period longer than that of the subscription. This way the UE can be notified
> of any revocations or changes in the certificate.

Added a 4th paragraph:
       The UA MUST NOT cache the certificates for a period longer than that
       of the subscription duration. This is to avoid the UA using invalid
       cached credentials when the notifier of the new credentials has been
       prevented from updating the UA.

> Editorial
> =========
>
> * Intended status is missing (I understand this is targeting Proposed
> Standard based on the tracker)
fixed

>
> * Please fix these obsolete references
> -  RFC 3268 (Obsoleted by RFC 5246)
fixed

>
> -  RFC 4366 (Obsoleted by RFC 5246)
fixed

> In May RSA gave change control of PKCS#8 to the IETF.  Any chance
> we can swap out the reference to [PKCS.8.1993] to [RFC5208]?
fixed

Cheers
Jason

Prev by Date: Re: [Sip] Question on draft-ietf-sip-outbound-20 draft: multipleflowcreation
Next by Date: [Sip] I-D Action:draft-ietf-sip-certs-09.txt
Previous by thread: [Sip] Changed From Tag in Spiral Request
Next by thread: [Sip] I-D Action:draft-ietf-sip-certs-09.txt
Index(es):
- Date
- Thread