Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 19 January 2012 13:07 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E01821F8559; Thu, 19 Jan 2012 05:07:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.45
X-Spam-Level:
X-Spam-Status: No, score=-101.45 tagged_above=-999 required=5 tests=[AWL=-0.451, BAYES_00=-2.599, J_BACKHAIR_21=1, J_CHICKENPOX_24=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id chNGp-KaFqLR; Thu, 19 Jan 2012 05:07:44 -0800 (PST)
Received: from rufus.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 637B421F8555; Thu, 19 Jan 2012 05:07:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1326978444; d=isode.com; s=selector; i=@isode.com; bh=a7C+mOSJWa+g99xNQGE5h67t6HRm06varbM2bVUCLoI=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=GIqT8jxaDQ633N5ayEqvPSvacmAzVByJ7WBce9JlyAzbdMBcOQ9vRJFVY9/y2zzuul0R/z jPgbN+L0KBoKfRMamY183tBFuuzMvQV5cUGM2q3tFBDgqNSB3xX5L/FWm42c9inxvFLTQE Vb2rLGaCqlUvPknIECrKCjpk9rOzSRA=;
Received: from [188.28.157.129] (188.28.157.129.threembb.co.uk [188.28.157.129]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <TxgViAAV5wHW@rufus.isode.com>; Thu, 19 Jan 2012 13:07:23 +0000
Message-ID: <4F181582.9080703@isode.com>
Date: Thu, 19 Jan 2012 13:07:14 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20111105 Thunderbird/8.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
References: <4F11E975.9070307@isode.com> <10722E0B-059E-4800-84C0-B330F397B63A@tik.ee.ethz.ch> <4F16D95A.3000006@isode.com> <89E47BB4-C228-4700-94C4-3F4ED03F99A2@tik.ee.ethz.ch> <4F1704DE.1090208@isode.com> <B1B72265-9C9C-4803-AFFA-CDD9B723FA36@tik.ee.ethz.ch> <4F18078D.6090603@isode.com> <ECC3FB54-5282-4336-AEA7-40A349E20A74@tik.ee.ethz.ch>
In-Reply-To: <ECC3FB54-5282-4336-AEA7-40A349E20A74@tik.ee.ethz.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Kathleen Moriarty <kathleen.moriarty@emc.com>, gen-art@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2012 13:07:45 -0000

On 19/01/2012 12:45, Brian Trammell wrote:
> On Jan 19, 2012, at 1:07 PM, Alexey Melnikov wrote:
>
>>> So, how about the following:
>>>
>>>     RID systems MUST use TLS version 1.1 [RFC4346] or higher for
>>>     confidentiality, identification, and authentication, as in
>>>     Section 2 of [RFC2818].
>> I am Ok with your latest proposal, but if you want to make me super-happy ;-), I suggest you make "as in Section 2 ..." a separate sentence (E.g. "Use of HTTP over TLS is specified in Section 2...", or at least insert the word "specified" after "as".
> Hi, Alexey,
>
> I can do that:
>
>      <t>RID systems MUST use TLS version 1.1<xref target="RFC4346"/>  or higher
>      for confidentiality, identification, and authentication, when sending RID
>      messages over HTTPS. HTTPS is specified in Section 2 of<xref
>      target="RFC2818"/>. RID systems MUST use mutual authentication; that is,
>      both RID systems acting as HTTPS clients and RID systems acting as HTTPS
>      servers MUST be identified by an<xref target="RFC5280">X.509
>      certificate</xref>. Mutual authentication requires full path validation on
>      each certificate, as defined in<xref target="RFC5280"/>.</t>
Perfect, thanks :-).