Re: [apps-discuss] Apps-team review: draft-ietf-sipcore-sec-flows
Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Tue, 11 January 2011 07:48 UTC
Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F00383A69ED for <apps-discuss@core3.amsl.com>; Mon, 10 Jan 2011 23:48:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.12
X-Spam-Level:
X-Spam-Status: No, score=-105.12 tagged_above=-999 required=5 tests=[AWL=-1.521, BAYES_00=-2.599, J_CHICKENPOX_12=0.6, J_CHICKENPOX_13=0.6, J_CHICKENPOX_15=0.6, J_CHICKENPOX_210=0.6, J_CHICKENPOX_25=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMLjprr4BJ0C for <apps-discuss@core3.amsl.com>; Mon, 10 Jan 2011 23:48:14 -0800 (PST)
Received: from mailgw9.se.ericsson.net (mailgw9.se.ericsson.net [193.180.251.57]) by core3.amsl.com (Postfix) with ESMTP id BD8A23A69E8 for <apps-discuss@ietf.org>; Mon, 10 Jan 2011 23:48:13 -0800 (PST)
X-AuditID: c1b4fb39-b7cfbae000005c8e-cd-4d2c0bc4e433
Received: from esessmw0247.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw9.se.ericsson.net (Symantec Mail Security) with SMTP id E4.9D.23694.4CB0C2D4; Tue, 11 Jan 2011 08:50:28 +0100 (CET)
Received: from [131.160.126.193] (153.88.115.8) by esessmw0247.eemea.ericsson.se (153.88.115.94) with Microsoft SMTP Server id 8.2.234.1; Tue, 11 Jan 2011 08:50:28 +0100
Message-ID: <4D2C0BC2.7050002@ericsson.com>
Date: Tue, 11 Jan 2011 09:50:26 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Kurt.Zeilenga@Isode.com
References: <4BF3DB9C-02D5-4778-9D30-694F8DB74A8D@estacado.net> <1B9BC3F1-3FA4-4FAF-BD32-2FE8417840FD@estacado.net>
In-Reply-To: <1B9BC3F1-3FA4-4FAF-BD32-2FE8417840FD@estacado.net>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: AAAAAA==
X-Mailman-Approved-At: Tue, 11 Jan 2011 08:09:49 -0800
Cc: Adam Roach <adam@nostrum.com>, apps-discuss@ietf.org, draft-ietf-sipcore-sec-flows@tools.ietf.org, Brian Hibbard <brian@estacado.net>
Subject: Re: [apps-discuss] Apps-team review: draft-ietf-sipcore-sec-flows
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2011 07:48:15 -0000
Hi Kurt, could you please have a look at Brian's explanation below and let us know whether or not you are happy with it? Thanks, Gonzalo >> *From: *Brian Hibbard <brian@estacado.net <mailto:brian@estacado.net>> >> *Date: *January 6, 2011 10:35:07 AM CST >> *To: *Kurt Zeilenga <Kurt.Zeilenga@Isode.com >> <mailto:Kurt.Zeilenga@Isode.com>> >> *Cc: *Alexey Melnikov <alexey.melnikov@Isode.com >> <mailto:alexey.melnikov@Isode.com>>, >> draft-ietf-sipcore-sec-flows@tools.ietf.org >> <mailto:draft-ietf-sipcore-sec-flows@tools.ietf.org>, >> apps-discuss@ietf.org <mailto:apps-discuss@ietf.org> >> *Subject: **Re: Apps-team review: draft-ietf-sipcore-sec-flows * >> >> Hello Kurt, >> >> Thank you for your input. The inconsistencies in presentation of DN >> that you're talking about are the actual results of the dumps of the >> OpenSSL "x509" certificate tool. The use of the tool in this context >> is only to examine the content of the certificates for learning and >> testing purposes, and in the draft, to show what designers and >> testers would see in their environments. It is only because those >> are the actual results from the tool most likely to be used by readers >> of this document, that we are partial to leaving the dumps as they are. >> >> With that said, if you remain convinced that consistency of >> presentation is the more important factor here, I will go and make >> changes to the x509 dumps. >> >> Regards, >> Brian >> >> On Dec 15, 2010, at 9:21 AM, Kurt Zeilenga wrote: >> >>> I have been selected as the Applications Area Review Team reviewer >>> for this draft (for background on apps-review, please >>> seehttp://www.apps.ietf.org/content/applications-area-review-team) >>> >>> Please resolve these comments along with any other Last Call comments >>> you may receive. Please wait for direction from your document >>> shepherd or AD before posting a new version of the draft. >>> >>> Document: draft-ietf-sipcore-sec-flows (rev-07 reviewed) >>> Title: Example call flows using Session Initiation Protocol (SIP) >>> security mechanisms >>> Reviewer: Kurt Zeilenga >>> Review Date: 12/15/2010 >>> IETF Last Call Date: [include if known] >>> IESG Telechat Date: 2011-01-20 >>> Summary: This draft is basically ready for publication as an >>> Informational RFC but has a few issues that should be fixed before >>> publication. >>> Major Issues: None. >>> Minor Issues: >>> >>> I see some inconsistencies in how Distinguished Names (DNs) are >>> presented in the RFC. >>> >>> For instance (from 2.1): >>> Issuer: C=US, ST=California, L=San Jose, O=sipit, >>> OU=Sipit Test Certificate Authority >>> >>> vs. (also from 2.1) >>> DirName:/C=US/ST=California/L=San Jose/O=sipit/ >>> OU=Sipit Test Certificate Authority >>> >>> The former kind of looks like the LDAP DN format but, if that's what >>> was intended, the RDNs appear in the incorrect order. Note that in >>> the LDAP DN format, the most specific element appears first (the >>> reverse of how they appear in the BER/DER encoding of a DN). Also, >>> there should be no spaces after the RDN separators (the commas). >>> >>> The latter appears to be DCE format. >>> >>> I would think it appropriate to use a single format for all DNs and, >>> if one chooses to use the LDAP DN format, that values ought to be >>> constructed per RFC 4514. I note that Appendix A of RFC 4514 >>> discusses presentation issues of Distinguished Names. >>> >>> Nits: The usual (many acronyms are not spelled out on first use, etc.) >> >
- [apps-discuss] Apps-team review: draft-ietf-sipco… Kurt Zeilenga
- Re: [apps-discuss] Apps-team review: draft-ietf-s… Brian Hibbard
- Re: [apps-discuss] Apps-team review: draft-ietf-s… Gonzalo Camarillo
- Re: [apps-discuss] Apps-team review: draft-ietf-s… Kurt Zeilenga
- Re: [apps-discuss] Apps-team review: draft-ietf-s… Brian Hibbard