Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

Samu Varjonen <samu.varjonen@hiit.fi> Wed, 28 October 2009 06:18 UTC

Message-ID: <4AE7E241.4060304@hiit.fi>
Date: Wed, 28 Oct 2009 08:18:41 +0200
From: Samu Varjonen <samu.varjonen@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: "Mattes, David" <david.mattes@boeing.com>
References: <20091026103001.EED8F3A687C@core3.amsl.com> <4AE588A9.2010105@hiit.fi> <E330FAC0AD42A34E90F3467F5A37AA372546211D41@XCH-NW-11V.nw.nos.boeing.com>
In-Reply-To: <E330FAC0AD42A34E90F3467F5A37AA372546211D41@XCH-NW-11V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hipsec@ietf.org" <hipsec@ietf.org>
Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt

Mattes, David kirjoitti:
> Hi Samu,
> 
> Quick work!  Thank you!
> 
> I still have an issue with Sections 3 and 4, with the statement:
>    "HITs need to be enclosed within the certificates, when using X.509.v3
>    certificates to transmit information related to HIP hosts."
> 
> Why is this necessary?  Can you either elaborate in the draft, or change "need to" to "can"?

It can be changed to "can". Although the HIT will be there for most 
cases, but not all.

> 
> Editorial nit:
> Section 2, Last paragraph, Sentence 2: s/LDAP URL/DN
> 

OK

> 
> Now I need to read the signaling draft!
> 
> Thank you,
> David
> 
>> -----Original Message-----
>> From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On Behalf
>> Of Samu Varjonen
>> Sent: Monday, October 26, 2009 4:32 AM
>> Cc: hipsec@ietf.org
>> Subject: Re: [Hipsec] I-D Action:draft-ietf-hip-cert-02.txt
>>
>> Hi,
>>
>> This is the new version of the HIP certificates.
>>
>> Modifications include:
>> - Editorial changes according to the discussions on the mailing list.
>> - Added new types for DN and LDAP URL
>> - Added signaling discussion and reference to the heer-hip-service-00
>>
>> Open questions:
>>
>> 1. Should signaling be defined specifically for hip-cert?
>>
>> Seems like overlapping work because hip-service already defines a
>> generic way to signal the requirements and failures, but it is an
>> individual submission.
>>
>> 2. Should hip-service be adopted as WG item and handled in bundle with
>>    hip-cert?
>>
>> Because the signaling is needed for the hosts to signal the need for a
>> certificate or for a chain of certificates. But referencing hip-service
>> cannot be done unless it is taken forward at the same pace.
>>
>> 3. Or should the hip-cert be more generic?
>>
>> Then hip-cert would be about just the parameter and the signaling of
>> requirements and failures would be left to other documents such as
>> hip-service to handle (but which would progress on its own pace).
>>
>> 4. Gathering use case scenarios and adding examples to the draft?
>>
>> 5. Add new examples?
>>
>> If something seems to be missing or off, please inform me.
>>
>> Comments are welcome as usual.
>>
>> BR,
>> Samu Varjonen
>>
>> Internet-Drafts@ietf.org wrote:
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Host Identity Protocol Working Group of
>>> the IETF.
>>>
>>> 	Title           : HIP Certificates
>>> 	Author(s)       : T. Heer, S. Varjonen
>>> 	Filename        : draft-ietf-hip-cert-02.txt
>>> 	Pages           : 10
>>> 	Date            : 2009-10-26
>>>
>>> This document specifies a certificate parameter called CERT for the
>>> Host Identity Protocol (HIP).  The CERT parameter is a container for
>>> X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI)
>>> certificates.  It is used for carrying these certificates in HIP
>>> control packets.  Additionally, this document specifies the
>>> representations of Host Identity Tags in X.509.v3 and in SPKI
>>> certificates.
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-hip-cert-02.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> Below is the data which will enable a MIME compliant mail reader
>>> implementation to automatically retrieve the ASCII version of the
>>> Internet-Draft.
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Hipsec mailing list
>>> Hipsec@ietf.org
>>> https://www.ietf.org/mailman/listinfo/hipsec


-- 
BR,
Samu

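An added example for the CERT parameter described in the draft announcement quoted above. This is not code from the thread, from the draft authors or from any HIP implementation; it assumes the TLV layout, the parameter Type value 768 and the Cert type code points (1 for X.509 v3, 2 for SPKI) that the later RFC 6253 specifies, since the -02 draft text itself is not quoted here, and it follows the generic HIP parameter rules of RFC 5201 (16-bit Type and Length, Length excluding Type, Length and padding, zero padding to an 8-octet boundary). It shows how a certificate chain is split over several CERT parameters of one CERT group and, on the receiving side, how a host should refuse to hand anything to the certificate validator until the whole group the peer announced has actually arrived. The certificate bytes are constructed placeholders, not real DER.

```python
"""Encoder/decoder for the HIP CERT parameter discussed in draft-ietf-hip-cert.

Assumptions (not taken from the -02 draft quoted in the thread): the TLV
layout, the parameter Type value 768 and the Cert type code points are the
ones the later RFC 6253 specifies. The HIP TLV rules (16-bit Type and Length,
Length excluding Type/Length/padding, zero padding to 8 octets) are from RFC 5201.
"""
import struct
from typing import Dict, Iterable, Iterator, List, Tuple

HIP_PARAM_CERT = 768     # assumed: RFC 6253 value for the CERT parameter Type
CERT_TYPE_X509V3 = 1     # assumed: RFC 6253 code point for an X.509 v3 certificate
CERT_TYPE_SPKI = 2       # assumed: RFC 6253 code point for an SPKI certificate

CERT_HEADER = struct.Struct("!BBBB")   # CERT group, CERT count, CERT ID, CERT type
TLV_HEADER = struct.Struct("!HH")      # Type, Length
MAX_CONTENTS = 0xFFFF                  # Length is a 16-bit field


def encode_cert_param(group: int, count: int, cert_id: int, cert_type: int, cert: bytes) -> bytes:
    """Build one CERT parameter carrying certificate `cert_id` of `count` in `group`."""
    if not 1 <= cert_id <= count <= 255:
        raise ValueError("CERT ID must lie in 1..count and count must fit one octet")
    contents = CERT_HEADER.pack(group, count, cert_id, cert_type) + cert
    if len(contents) > MAX_CONTENTS:
        raise ValueError("certificate does not fit in a single CERT parameter")
    # Length covers the contents only; the TLV is then zero-padded to 8 octets.
    tlv = TLV_HEADER.pack(HIP_PARAM_CERT, len(contents)) + contents
    return tlv + b"\x00" * (-len(tlv) % 8)


def decode_params(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk a run of HIP TLV parameters, yielding (Type, contents) with bounds checks."""
    off = 0
    while off < len(buf):
        if len(buf) - off < TLV_HEADER.size:
            raise ValueError("truncated parameter header at offset %d" % off)
        ptype, plen = TLV_HEADER.unpack_from(buf, off)
        end = off + TLV_HEADER.size + plen
        if end > len(buf):
            raise ValueError("parameter Length runs past the end of the buffer")
        yield ptype, buf[off + TLV_HEADER.size:end]
        # Each parameter occupies a multiple of 8 octets including its padding.
        off += (TLV_HEADER.size + plen + 7) // 8 * 8


def collect_cert_group(params: Iterable[Tuple[int, bytes]], group: int) -> List[Tuple[int, bytes]]:
    """Reassemble the certificates of one CERT group, ordered by CERT ID.

    Rejects an inconsistent or incomplete group (mismatched counts, out-of-range,
    duplicate or missing CERT IDs) so nothing reaches the certificate validator
    unless the peer delivered the whole chain it announced.
    """
    found: Dict[int, Tuple[int, bytes]] = {}
    count = None
    for ptype, contents in params:
        if ptype != HIP_PARAM_CERT:
            continue
        if len(contents) < CERT_HEADER.size:
            raise ValueError("CERT parameter shorter than its fixed header")
        g, c, cid, ctype = CERT_HEADER.unpack_from(contents)
        if g != group:
            continue
        if count is None:
            count = c
        elif c != count:
            raise ValueError("CERT count differs between parameters of group %d" % group)
        if not 1 <= cid <= count:
            raise ValueError("CERT ID %d out of range 1..%d" % (cid, count))
        if cid in found:
            raise ValueError("duplicate CERT ID %d in group %d" % (cid, group))
        found[cid] = (ctype, contents[CERT_HEADER.size:])
    if count is None:
        return []
    missing = [i for i in range(1, count + 1) if i not in found]
    if missing:
        raise ValueError("CERT group %d incomplete, missing IDs %r" % (group, missing))
    return [found[i] for i in range(1, count + 1)]


def demo() -> List[Tuple[int, bytes]]:
    """Round-trip a two-element chain split over two CERT parameters."""
    # Constructed placeholders standing in for DER-encoded certificates.
    chain = [b"leaf-certificate-placeholder", b"intermediate-certificate-placeholder"]
    group = 7
    wire = b"".join(
        encode_cert_param(group, len(chain), i + 1, CERT_TYPE_X509V3, cert)
        for i, cert in enumerate(chain)
    )
    return collect_cert_group(decode_params(wire), group)


if __name__ == "__main__":
    for cert_type, cert in demo():
        print(cert_type, cert)
```

The receiver-side check is the part worth copying: the CERT count and CERT ID fields are attacker-controlled, so a parser that trusts them (accepting a chain with a missing link, or a CERT ID beyond the announced count) lets a peer feed a validator a chain that never anchors to a trusted root. Which certificate is then bound to the peer's HIT is a separate check on the certificate content, which is exactly the point under discussion in the thread.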
"Programmer is an organism that changes caffeine into code"