Re: [CGA-EXT] Fwd: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
marcelo bagnulo braun <marcelo@it.uc3m.es> Tue, 06 October 2009 21:03 UTC
To: Roque Gagliano <roque@lacnic.net>
Cc: cga-ext@ietf.org
Roque Gagliano wrote:
> Marcelo,
>
> On Oct 6, 2009, at 7:32 PM, marcelo bagnulo braun wrote:
>
>> ah, perfect then!
>>
>> I guess I got confused by the title of the section that reads:
>>
>> 3. SEND SKI trust anchor identifier option
>>
>> But you are not defining a SEND SKI trust anchor identifier option,
>> but you are defining a SKI NAME TYPE, correct?
>
> correct.
>
>> If so, I don't think we need to update RFC 3971, we just need to
>> publish this document as STD RFC, correct?
>
> The problem that I described in the original email was that RFC 3971
> does not define a registry for name type. We issue this document just
> to point out that we believe that this new name type is needed. What
> we could do is to modify the draft to create this registry and add the
> SKI name type to the ones defined in RFC 3971.
>
> What does the group feel about this?

This seems a reasonable option to me. Could you update the document and
include an IANA Considerations section?

Regards, marcelo

> Roque.
>
>> Regards, marcelo
>>
>> Roque Gagliano wrote:
>>> Marcelo,
>>>
>>> What is being proposed is exactly that, a new Name Type of the
>>> Trust Anchor Option:
>>>
>>> Name Type TBD SHA-1 Subject Key Identifier (SKI)
>>>
>>> To be added to the ones already defined in RFC 3971 in section 6.4.3:
>>> "The type of the name included in the Name field. This
>>> specification defines two legal values for this field:
>>> 1 DER Encoded X.501 Name
>>> 2 FQDN"
>>>
>>> Regards,
>>> Roque
>>>
>>> On Oct 6, 2009, at 2:53 PM, marcelo bagnulo braun wrote:
>>>
>>>> Hi,
>>>>
>>>> My take on this one.
>>>> I think we need a way to distinguish TAs across different CAs. I
>>>> think that using the hash of the public key is a reasonable option.
>>>>
>>>> Now, what I am not sure I understand is why we need a new option.
>>>> I mean, wouldn't it be possible to define a new Name Type of the Trust
>>>> Anchor Option defined in section 6.4.3 of RFC 3971, the new Name
>>>> Type being the SKI?
>>>>
>>>> People that are using multiple TAs should use this Name Type to be
>>>> certain that they identify the right TA across multiple TAs.
>>>>
>>>> Regards, marcelo
>>>>
>>>> Roque Gagliano wrote:
>>>>> Dear WG,
>>>>>
>>>>> At the "cert" team we have identified a problem with RFC 3971 and
>>>>> the trust anchor name types defined there. The RFC defines as
>>>>> possible name types an X.501 subject name or a FQDN. The problem we
>>>>> have is that the subject name may not be unique across CAs in a PKI.
>>>>> As we decided to adopt the SIDR WG certificate profile, the Subject
>>>>> Key Identifier extension is mandatory now. Consequently, we can
>>>>> use this hash of the subject public key to identify the host TAs
>>>>> even if we need to search across several CAs.
>>>>>
>>>>> We are issuing this draft to document the problem. However, RFC
>>>>> 3971 did not set a Registry for name types in the TA ICMP option,
>>>>> which means that the only way to implement this new name type is
>>>>> to modify RFC 3971, which I understand was already part of the plans
>>>>> for this WG.
>>>>> How does the group feel about taking this path?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Roque, Suresh, Ana.
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: IETF I-D Submission Tool <idsubmission@ietf.org>
>>>>>> Date: October 6, 2009 12:23:13 PM GMT+01:00
>>>>>> To: roque@lacnic.net
>>>>>> Cc: suresh.krishnan@ericsson.com, ana.kukec@fer.hr
>>>>>> Subject: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
>>>>>>
>>>>>> A new version of I-D, draft-rgaglian-csi-send-ski-ta-nametype-00.txt
>>>>>> has been successfully submitted by Roque Gagliano and posted to the
>>>>>> IETF repository.
>>>>>>
>>>>>> Filename: draft-rgaglian-csi-send-ski-ta-nametype
>>>>>> Revision: 00
>>>>>> Title: Subject Key Identifier (SKI) name type for SEND TA option
>>>>>> Creation_date: 2009-10-06
>>>>>> WG ID: Independent Submission
>>>>>> Number_of_pages: 10
>>>>>>
>>>>>> Abstract:
>>>>>> SEcure Neighbor Discovery (SEND) utilizes X.509v3 certificates for
>>>>>> performing router authorization. This document specifies a SEND name
>>>>>> type to identify trust anchor X.509v3 certificates based on its
>>>>>> Subject Key Identifier.
>>>>>>
>>>>>> The IETF Secretariat.
>>>>>
>>>>> -------------------------------------------------------------
>>>>> Roque Gagliano
>>>>> LACNIC
>>>>> roque@lacnic.net
>>>>> GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE
>>>>>
>>>>> _______________________________________________
>>>>> CGA-EXT mailing list
>>>>> CGA-EXT@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/cga-ext
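The distinction the thread turns on (an X.501 subject name can collide across CAs, while the SKI pins one key) as an added Python example, not code from the thread or the draft: it computes the SKI per RFC 5280 method (1), encodes and parses the RFC 3971 Trust Anchor option, and looks up locally configured TAs by either name type. The SKI Name Type value 3, the sample keys and the stand-in subject name are assumptions, since the draft leaves the value TBD.

```python
import hashlib
import struct

# RFC 3971 6.4.3: option Type 15 is the Trust Anchor option; Name Type 1 is a
# DER-encoded X.501 Name, 2 an FQDN. The SKI Name Type is "TBD" in the draft,
# so the value 3 used here is an assumed placeholder, not an assigned number.
ND_OPT_TRUST_ANCHOR = 15
NAME_TYPE_X501 = 1
NAME_TYPE_SKI_ASSUMED = 3

def subject_key_identifier(subject_public_key_bits: bytes) -> bytes:
    """RFC 5280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey BIT STRING
    contents (key bytes only, without DER tag, length or unused-bits octet)."""
    return hashlib.sha1(subject_public_key_bits).digest()

def build_trust_anchor_option(name_type: int, name: bytes) -> bytes:
    """Type | Length (8-octet units) | Name Type | Pad Length | Name | Padding."""
    body_len = 4 + len(name)
    pad_len = (-body_len) % 8
    header = struct.pack("!BBBB", ND_OPT_TRUST_ANCHOR, (body_len + pad_len) // 8, name_type, pad_len)
    return header + name + b"\x00" * pad_len

def parse_trust_anchor_option(opt: bytes):
    """Return (name_type, name); reject options whose fields disagree."""
    if len(opt) < 8:
        raise ValueError("option too short")
    typ, length, name_type, pad_len = struct.unpack("!BBBB", opt[:4])
    if typ != ND_OPT_TRUST_ANCHOR or length == 0 or len(opt) != length * 8:
        raise ValueError("not a well-formed Trust Anchor option")
    if pad_len > length * 8 - 4:
        raise ValueError("pad length exceeds option")
    return name_type, opt[4:length * 8 - pad_len]

# Constructed sample: two TAs from different CAs sharing one subject name
# (a stand-in byte string, not real DER) but holding distinct public keys.
SUBJECT = b"CN=SEND Trust Anchor"
KEY_A = bytes(range(0, 64))
KEY_B = bytes(range(64, 128))
LOCAL_TAS = [(SUBJECT, KEY_A), (SUBJECT, KEY_B)]

def find_trust_anchors(opt: bytes, local_tas=LOCAL_TAS) -> list:
    """Local TAs the option names: an X.501 name may match several, a SKI one."""
    name_type, name = parse_trust_anchor_option(opt)
    if name_type == NAME_TYPE_X501:
        return [ta for ta in local_tas if ta[0] == name]
    if name_type == NAME_TYPE_SKI_ASSUMED:
        return [ta for ta in local_tas if subject_key_identifier(ta[1]) == name]
    return []  # FQDN and unknown Name Types are not resolved in this example
```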