Re: [CGA-EXT] Fwd: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
marcelo bagnulo braun <marcelo@it.uc3m.es> Tue, 06 October 2009 18:30 UTC
Message-ID: <4ACB8D2A.9010208@it.uc3m.es>
Date: Tue, 06 Oct 2009 20:32:10 +0200
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
To: Roque Gagliano <roque@lacnic.net>
References: <20091006112313.4514728C167@core3.amsl.com> <3459FB4F-F275-4436-ADBE-B35EF8FD88F7@lacnic.net> <4ACB4BF5.8090102@it.uc3m.es> <6ADE5FD5-0981-44C2-ACA6-C943F1466AAC@lacnic.net>
In-Reply-To: <6ADE5FD5-0981-44C2-ACA6-C943F1466AAC@lacnic.net>
Cc: cga-ext@ietf.org
Subject: Re: [CGA-EXT] Fwd: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
ah, perfect then!

I guess I got confused by the title of the section that reads:

3. SEND SKI trust anchor identifier option

But you are not defining a SEND SKI trust anchor identifier option, you are defining a SKI NAME TYPE, correct?

If so, I don't think we need to update RFC 3971; we just need to publish this document as a STD RFC, correct?

Regards, marcelo

Roque Gagliano escribió:
> Marcelo,
>
> What is being proposed is exactly that, a new Name Type of the Trust
> anchor Option:
>
> Name Type
> TBD SHA-1 Subject Key Identifier (SKI)
>
> To be added to the ones already defined in RFC 3971 in section 6.4.3:
> "The type of the name included in the Name field. This
> specification defines two legal values for this field:
> 1 DER Encoded X.501 Name
> 2 FQDN"
>
> Regards,
> Roque
>
> On Oct 6, 2009, at 2:53 PM, marcelo bagnulo braun wrote:
>
>> Hi,
>>
>> My take on this one.
>> I think we need a way to distinguish TAs across different CAs. I
>> think that using the hash of the public key is a reasonable option.
>>
>> Now, what I am not sure I understand is why we need a new option.
>> I mean, wouldn't it be possible to define a new Name Type of the Trust
>> anchor Option defined in section 6.4.3 of RFC 3971, the new Name Type
>> being the SKI?
>>
>> People that are using multiple TAs should use this Name Type to be
>> certain that they identify the right TA across multiple TAs.
>>
>> Regards, marcelo
>>
>> Roque Gagliano escribió:
>>> Dear WG,
>>>
>>> At the "cert" team we have identified a problem with RFC 3971 and the
>>> trust anchor name types defined there. The RFC defines as possible
>>> name types an X.501 subject name or a FQDN. The problem we have is
>>> that the subject name may not be unique across CAs in a PKI.
>>> As we decided to adopt the SIDR WG certificate profile, the Subject Key
>>> Identifier extension is mandatory now. Consequently, we can use this
>>> hash of the subject public key to identify the host TAs even if we
>>> need to search across several CAs.
>>>
>>> We are issuing this draft to document the problem. However, RFC 3971
>>> did not set a registry for name types in the TA ICMP option, which
>>> means that the only way to implement this new name type is to modify
>>> RFC 3971, which I understand was already part of the plans for this WG.
>>> How does the group feel about taking this path?
>>>
>>> Regards,
>>>
>>> Roque, Suresh, Ana.
>>>
>>> Begin forwarded message:
>>>
>>>> From: IETF I-D Submission Tool <idsubmission@ietf.org>
>>>> Date: October 6, 2009 12:23:13 PM GMT+01:00
>>>> To: roque@lacnic.net
>>>> Cc: suresh.krishnan@ericsson.com, ana.kukec@fer.hr
>>>> Subject: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
>>>>
>>>> A new version of I-D, draft-rgaglian-csi-send-ski-ta-nametype-00.txt has been successfully
>>>> submitted by Roque Gagliano and posted to the IETF repository.
>>>>
>>>> Filename: draft-rgaglian-csi-send-ski-ta-nametype
>>>> Revision: 00
>>>> Title: Subject Key Identifier (SKI) name type for SEND TA option
>>>> Creation_date: 2009-10-06
>>>> WG ID: Independent Submission
>>>> Number_of_pages: 10
>>>>
>>>> Abstract:
>>>> SEcure Neighbor Discovery (SEND) utilizes X.509v3 certificates for
>>>> performing router authorization. This document specifies a SEND name
>>>> type to identify trust anchor X.509v3 certificates based on its
>>>> Subject Key Identifier.
>>>>
>>>> The IETF Secretariat.
>>>
>>> -------------------------------------------------------------
>>> Roque Gagliano
>>> LACNIC
>>> roque@lacnic.net
>>> GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE
>
> -------------------------------------------------------------
> Roque Gagliano
> LACNIC
> roque@lacnic.net
> GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE
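The Trust Anchor option and SKI name type discussed in this thread, worked through as an added example that is not code from the draft or from RFC 3971: it derives an SKI from constructed subjectPublicKey bytes, encodes and parses an RFC 3971 Trust Anchor option carrying it, and resolves the option against several configured anchors so that two CAs sharing a subject name are still told apart. The SKI name-type value 3 is an assumed placeholder, since the draft leaves the code point TBD, and the sample key bytes are constructed.

```python
import hashlib
import struct

# RFC 3971 section 6.4.3 Trust Anchor option; Length is in 8-octet units.
TA_OPTION_TYPE = 15
NAME_TYPE_X501 = 1    # DER Encoded X.501 Name (RFC 3971)
NAME_TYPE_FQDN = 2    # FQDN (RFC 3971)
NAME_TYPE_SKI = 3     # placeholder: the draft leaves this code point TBD
SKI_LEN = 20          # SHA-1 digest length

def subject_key_identifier(subject_public_key: bytes) -> bytes:
    """SKI per RFC 5280 4.2.1.2 method (1): SHA-1 over the contents of the
    subjectPublicKey BIT STRING (tag, length and unused-bits octet removed)."""
    return hashlib.sha1(subject_public_key).digest()

def encode_ta_option(name_type: int, name: bytes) -> bytes:
    """4-octet header, Name, then zero padding up to a multiple of 8 octets."""
    pad = (-(4 + len(name))) % 8
    total = 4 + len(name) + pad
    return struct.pack("!BBBB", TA_OPTION_TYPE, total // 8, name_type, pad) + name + bytes(pad)

def decode_ta_option(data: bytes) -> tuple:
    """Parse one option, rejecting Length/Pad values that would read past it."""
    if len(data) < 4:
        raise ValueError("truncated option header")
    typ, length, name_type, pad = struct.unpack("!BBBB", data[:4])
    total = length * 8
    if typ != TA_OPTION_TYPE or length == 0 or len(data) < total:
        raise ValueError("not a well-formed Trust Anchor option")
    if pad > total - 4:
        raise ValueError("pad length exceeds option body")
    name = data[4:total - pad]
    if name_type == NAME_TYPE_SKI and len(name) != SKI_LEN:
        raise ValueError("SKI name must be exactly 20 octets")
    return name_type, name

def select_trust_anchor(option: bytes, anchors: dict) -> str:
    """Map an SKI-typed option to a locally configured anchor label. CAs that
    share a subject name still have distinct SKIs, so the lookup is unambiguous."""
    name_type, name = decode_ta_option(option)
    if name_type != NAME_TYPE_SKI:
        raise ValueError("only SKI-typed names are matched here")
    return anchors.get(name, "unknown trust anchor")

# Constructed sample subjectPublicKey contents (not a real key) for a demo run.
SAMPLE_SPK = bytes(range(64))
SAMPLE_SKI = subject_key_identifier(SAMPLE_SPK)
SAMPLE_OPTION = encode_ta_option(NAME_TYPE_SKI, SAMPLE_SKI)
```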