Re: [Hipsec] I-D Action:draft-ietf-hip-cert-03.txt

Samu Varjonen <samu.varjonen@hiit.fi> Mon, 03 May 2010 07:45 UTC

Message-ID: <4BDE7EEB.6080103@hiit.fi>
Date: Mon, 03 May 2010 10:44:43 +0300
From: Samu Varjonen <samu.varjonen@hiit.fi>
To: "Mattes, David" <david.mattes@boeing.com>
References: <20100428084501.795053A6869@core3.amsl.com> <E330FAC0AD42A34E90F3467F5A37AA372549A239E2@XCH-NW-11V.nw.nos.boeing.com>
In-Reply-To: <E330FAC0AD42A34E90F3467F5A37AA372549A239E2@XCH-NW-11V.nw.nos.boeing.com>
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-03.txt

Hi,

Sorry for the delayed answer.

Comments inline.

Mattes, David wrote:
> Hi Tobias and Samu,
> 
> Thank you for this work!
> 
> Some comments:
> Section 2, last paragraph, 2nd sentence: s/LDAP URL/DN/

OK

> 
> Section 3, paragraph 1: I don't agree that HITs need to be enclosed within X.509 certificates.  Many users will not have control over the Certificate Issuing Authorities, or even if they do have that control, will be unable to specify inclusion of the HIT in the certificate.  Furthermore, the issuer may not be involved in HIP communications at all!  I think it is a mistake to require _any_ HIP details to be present in a certificate used for HIP communications, nor do I see why it is necessary.

Yes, we agree that HITs are not always needed or even possible for the user to 
add to the certificates. The text should be lessened to say something along the 
lines of "if HITs are needed in the certificates this is how you use them".

> 
> Section 3, can we add another example that describes a managed PKI environment?  If you agree with my comment about HITs in the certificate, I will write up an example for this case.
> 

This is one of the remaining items on the todo list and we would appreciate your 
contribution.

> Regards,
> David Mattes
> 
> -----Original Message-----
> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On Behalf Of Internet-Drafts@ietf.org
> Sent: Wednesday, April 28, 2010 1:45 AM
> To: i-d-announce@ietf.org
> Cc: hipsec@ietf.org
> Subject: [Hipsec] I-D Action:draft-ietf-hip-cert-03.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Host Identity Protocol Working Group of the IETF.
> 
> 
> 	Title           : HIP Certificates
> 	Author(s)       : T. Heer, S. Varjonen
> 	Filename        : draft-ietf-hip-cert-03.txt
> 	Pages           : 10
> 	Date            : 2010-04-28
> 
> This document specifies a certificate parameter called CERT for the Host Identity Protocol (HIP).  The CERT parameter is a container for
> X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI) certificates.  It is used for carrying these certificates in HIP control packets.  Additionally, this document specifies the representations of Host Identity Tags in X.509.v3 and in SPKI certificates.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-cert-03.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
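The announcement above describes the CERT parameter only as a container for certificates carried in HIP control packets. The following is an added example, not code from the thread, the draft or its authors; it assumes the CERT parameter layout as later published in RFC 6253 (parameter type 768; one-byte CERT group, CERT count, CERT ID and CERT type fields in front of the certificate; the whole TLV padded to an 8-byte boundary, with Length excluding Type, Length and padding), since the draft-03 text itself is not on this page. It encodes CERT parameters, parses them back with bounds checks, and reassembles a multi-parameter certificate group, refusing a group that is incomplete or inconsistent.

```python
import struct

CERT_PARAM_TYPE = 768   # assumed: HIP CERT parameter type number (as in RFC 6253)
CERT_TYPE_X509V3 = 1    # assumed: CERT type code for an X.509 v3 certificate

def encode_cert_param(group, count, cert_id, cert_type, cert_bytes):
    """Build one HIP CERT parameter TLV; the whole TLV is padded to 8 bytes."""
    body = struct.pack("!BBBB", group, count, cert_id, cert_type) + cert_bytes
    # Length covers the contents only, excluding Type, Length and padding.
    param = struct.pack("!HH", CERT_PARAM_TYPE, len(body)) + body
    return param + b"\x00" * (-len(param) % 8)

def decode_cert_params(data):
    """Walk a run of HIP TLV parameters and return the CERT ones found as
    (group, count, cert_id, cert_type, certificate_bytes), bounds-checked."""
    found, off = [], 0
    while off + 4 <= len(data):
        ptype, length = struct.unpack_from("!HH", data, off)
        end = off + 4 + length
        if end > len(data):
            raise ValueError("truncated HIP parameter")
        if ptype == CERT_PARAM_TYPE:
            if length < 4:
                raise ValueError("CERT parameter shorter than its header")
            group, count, cert_id, cert_type = struct.unpack_from("!BBBB", data, off + 4)
            found.append((group, count, cert_id, cert_type, data[off + 8:end]))
        off = end + (-end % 8)  # skip padding to the next 8-byte boundary
    return found

def reassemble_group(params, group):
    """Return the certificates of one CERT group in CERT ID order; reject a
    group whose members disagree on count or whose IDs are not exactly 1..count."""
    members = [p for p in params if p[0] == group]
    if not members:
        raise ValueError("no CERT parameters in group %d" % group)
    count = members[0][1]
    if any(p[1] != count for p in members):
        raise ValueError("members of group %d disagree on CERT count" % group)
    if sorted(p[2] for p in members) != list(range(1, count + 1)):
        raise ValueError("group %d has missing or duplicate CERT IDs" % group)
    return [p[4] for p in sorted(members, key=lambda p: p[2])]

if __name__ == "__main__":
    # Constructed stand-ins for DER certificates: a leaf and its issuer.
    leaf = encode_cert_param(1, 2, 1, CERT_TYPE_X509V3, b"leaf-cert")
    issuer = encode_cert_param(1, 2, 2, CERT_TYPE_X509V3, b"issuer-cert-bytes")
    print(reassemble_group(decode_cert_params(issuer + leaf), 1))
```

The receiver-side checks matter because a peer could send the members of a chain out of order or omit one; the group is only handed to the certificate validator once every CERT ID is present.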