Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

Brian Trammell <trammell@tik.ee.ethz.ch> Thu, 19 January 2012 12:46 UTC

Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999C621F8621; Thu, 19 Jan 2012 04:46:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqxoaiJ3WXFo; Thu, 19 Jan 2012 04:46:02 -0800 (PST)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id 10F4E21F861E; Thu, 19 Jan 2012 04:46:02 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 0F64AD9303; Thu, 19 Jan 2012 13:46:00 +0100 (MET)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ypy1-++9SSdi; Thu, 19 Jan 2012 13:45:59 +0100 (MET)
Received: from pb-10243.ethz.ch (pb-10243.ethz.ch [82.130.102.152]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 8DE79D9304; Thu, 19 Jan 2012 13:45:59 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <4F18078D.6090603@isode.com>
Date: Thu, 19 Jan 2012 13:45:58 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <ECC3FB54-5282-4336-AEA7-40A349E20A74@tik.ee.ethz.ch>
References: <4F11E975.9070307@isode.com> <10722E0B-059E-4800-84C0-B330F397B63A@tik.ee.ethz.ch> <4F16D95A.3000006@isode.com> <89E47BB4-C228-4700-94C4-3F4ED03F99A2@tik.ee.ethz.ch> <4F1704DE.1090208@isode.com> <B1B72265-9C9C-4803-AFFA-CDD9B723FA36@tik.ee.ethz.ch> <4F18078D.6090603@isode.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: Apple Mail (2.1084)
Cc: Kathleen Moriarty <kathleen.moriarty@emc.com>, gen-art@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2012 12:46:02 -0000

On Jan 19, 2012, at 1:07 PM, Alexey Melnikov wrote:

>>>> 
>> So, how about the following:
>> 
>>    RID systems MUST use TLS version 1.1 [RFC4346] or higher for
>>    confidentiality, identification, and authentication, as in
>>    Section 2 of [RFC2818].
> I am Ok with your latest proposal, but if you want to make me super-happy ;-), I suggest you make "as in Section 2 ..." a separate sentence (E.g. "Use of HTTP over TLS is specified in Section 2...", or at least insert the word "specified" after "as".

Hi, Alexey,

I can do that:

    <t>RID systems MUST use TLS version 1.1 <xref target="RFC4346"/> or higher
    for confidentiality, identification, and authentication, when sending RID
    messages over HTTPS. HTTPS is specified in Section 2 of <xref
    target="RFC2818"/>. RID systems MUST use mutual authentication; that is,
    both RID systems acting as HTTPS clients and RID systems acting as HTTPS
    servers MUST be identified by an <xref target="RFC5280">X.509
    certificate</xref>. Mutual authentication requires full path validation on
    each certificate, as defined in <xref target="RFC5280"/>.</t>

Cheers,

Brian