[CGA-EXT] Fwd: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00

Roque Gagliano <roque@lacnic.net> Tue, 06 October 2009 11:35 UTC

Dear WG,

At the "cert" team we have identified a problem with RFC 3971 and the
trust anchor name types defined there. The RFC defines as possible
name types an X501 subject name or an FQDN. The problem we have is that
the subject name may not be unique across CAs in a PKI.

As we decided to adopt the SIDR WG certificate profile, the Subject Key
Identifier extension is mandatory now. Consequently, we can use this
hash of the subject public key to identify the host TAs even if we
need to search across several CAs.

We are issuing this draft to document the problem. However, RFC 3971
did not set a Registry for name types in the TA ICMP option, which
means that the only way to implement this new name type is to modify
RFC 3971, which I understand was already part of the plans for this WG.

How does the group feel about taking this path?

Regards,

Roque, Suresh, Ana.


Begin forwarded message:

> From: IETF I-D Submission Tool <idsubmission@ietf.org>
> Date: October 6, 2009 12:23:13 PM GMT+01:00
> To: roque@lacnic.net
> Cc: suresh.krishnan@ericsson.com,ana.kukec@fer.hr
> Subject: New Version Notification for draft-rgaglian-csi-send-ski-ta-nametype-00
>
>
> A new version of I-D, draft-rgaglian-csi-send-ski-ta-nametype-00.txt
> has been successfully submitted by Roque Gagliano and posted to the
> IETF repository.
>
> Filename:	 draft-rgaglian-csi-send-ski-ta-nametype
> Revision:	 00
> Title:		 Subject Key Identifier (SKI) name type for SEND TA option
> Creation_date:	 2009-10-06
> WG ID:		 Independent Submission
> Number_of_pages: 10
>
> Abstract:
> SEcure Neighbor Discovery (SEND) utilizes X.509v3 certificates for
> performing router authorization.  This document specifies a SEND name
> type to identify trust anchor X.509v3 certificates based on its
> Subject Key Identifier.
>
>
>
> The IETF Secretariat.
>

-------------------------------------------------------------
Roque Gagliano
LACNIC
roque@lacnic.net
GPG Fingerprint: E929 06F4 D8CD 2AD8 9365  DB72 9E4F 964A 01E9 6CEE
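
An added illustration, not part of the original message or the draft: a trust anchor lookup that is ambiguous by subject name but unique by Subject Key Identifier. It assumes the SKI is the SHA-1 hash of the subject public key (RFC 5280, section 4.2.1.2, method 1); the store class, CA labels, subject name and key bytes are constructed for the example.

```python
import hashlib
from collections import defaultdict


def ski(subject_public_key: bytes) -> bytes:
    """160-bit SHA-1 over the subjectPublicKey value (RFC 5280 method 1)."""
    return hashlib.sha1(subject_public_key).digest()


class TrustAnchorStore:
    """Hypothetical host-side store of configured trust anchors."""

    def __init__(self):
        self._by_name = defaultdict(list)  # subject name -> [anchors]
        self._by_ski = {}                  # SKI bytes -> anchor

    def add(self, ca: str, subject: str, public_key: bytes) -> dict:
        anchor = {"ca": ca, "subject": subject, "ski": ski(public_key)}
        if anchor["ski"] in self._by_ski:
            raise ValueError("same public key already configured")
        self._by_name[subject].append(anchor)
        self._by_ski[anchor["ski"]] = anchor
        return anchor

    def find_by_name(self, subject: str) -> list:
        # May return several anchors: names are only unique per issuing CA.
        return list(self._by_name.get(subject, []))

    def find_by_ski(self, key_id: bytes):
        # At most one anchor: the identifier is derived from the key itself.
        return self._by_ski.get(key_id)


# Constructed sample data: placeholder bytes stand in for real DER public keys.
KEY_A = b"constructed-public-key-issued-under-CA-A"
KEY_B = b"constructed-public-key-issued-under-CA-B"
SUBJECT = "CN=TA-1"  # the same subject name issued by two different CAs


def build_sample_store() -> TrustAnchorStore:
    store = TrustAnchorStore()
    store.add("CA-A", SUBJECT, KEY_A)
    store.add("CA-B", SUBJECT, KEY_B)
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print("by name:", [a["ca"] for a in s.find_by_name(SUBJECT)])
    print("by SKI :", s.find_by_ski(ski(KEY_B))["ca"], ski(KEY_B).hex())
```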