[CGA-EXT] Comment draft-ietf-csi-hash-threat-08.txt

Roque Gagliano <roque.ietf@gmail.com> Sat, 06 March 2010 17:33 UTC

Return-Path: <roque.ietf@gmail.com>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 03C233A8D5E for <cga-ext@core3.amsl.com>; Sat, 6 Mar 2010 09:33:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id ov5x2G4CnuN4 for <cga-ext@core3.amsl.com>; Sat, 6 Mar 2010 09:33:21 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com []) by core3.amsl.com (Postfix) with ESMTP id B5E943A8D7D for <CGA-EXT@ietf.org>; Sat, 6 Mar 2010 09:33:17 -0800 (PST)
Received: by wyb40 with SMTP id 40so2604963wyb.31 for <CGA-EXT@ietf.org>; Sat, 06 Mar 2010 09:33:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=z0z09c3e2ZwqhmnHZMXsPNEXj7ttd66c9D30cPzJJ8M=; b=K6/yKgjAO/MX0NoOI9FQwBH2PpYAg40PnuB2m1OuF+JvIRLghX+NqrWgBkSgWPOWEU Hyqwqxb644fyhk/Fj3hFErylywTPxEiEHPBEw64Hx31dSSQ0QbAz0ZDeIpB+wMHjhHOb AjaKR8jpMgiVWX6FExxviF6XG95lly972IsZ0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=jYQeXGqzE5MR+34B/MCFuoQgjjOQVuxCGa0UOuSmPWO/qvczyqsNN+Y2PwDkO+tIyT AeXF1c/Gx1By8tHhAizcJo6tQsK6CGKQfm1zkvpb2M7P3sonbMspl5bjaUSKUAUFNuLM twX7U0OpD1onesZndMIcY9RJ21uzqf+OL6XnI=
MIME-Version: 1.0
Received: by with SMTP id u63mr1194580wee.15.1267896796216; Sat, 06 Mar 2010 09:33:16 -0800 (PST)
Date: Sat, 6 Mar 2010 18:33:16 +0100
Message-ID: <5f70d8c91003060933v4360e177u1dbf156e6c1e055e@mail.gmail.com>
From: Roque Gagliano <roque.ietf@gmail.com>
To: CGA-EXT@ietf.org
Content-Type: multipart/alternative; boundary=0016e6d7e03b267fe90481253a98
Subject: [CGA-EXT] Comment draft-ietf-csi-hash-threat-08.txt
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2010 17:33:22 -0000


I was starting to review this draft and I realized that most of  Section 3.2
is based in "human readable" information.

In SEND, we are not identifying people but functions in equipments, so I am
not sure I share how the section is written. Moreover, the cert. profile
document particularly requests that names should be "meaningless" in RPKI.
This is to avoid any sort of legal issues.

So, a certificate with a bizarre CN could still be valid for SEND. Please
check this website with valid RPKI certificates: http://rpki.he.net/

All in all, I believe we should not take for granted that the distinguished
name field for either the subject or the issuer of a SEND certificate should
always be human readable.