Re: [Hipsec] draft-ietf-hip-cert-04 review

Ari Keranen <ari.keranen@nomadiclab.com> Sun, 07 November 2010 00:53 UTC

From: Ari Keranen <ari.keranen@nomadiclab.com>
To: Samu Varjonen <samu.varjonen@hiit.fi>
Cc: HIP <hipsec@ietf.org>
Date: Sun, 07 Nov 2010 08:53:28 +0800
Message-ID: <4CD5F888.6010806@nomadiclab.com>
In-Reply-To: <4CD2DE58.8060202@hiit.fi>
Subject: Re: [Hipsec] draft-ietf-hip-cert-04 review

Hi Samu,

On 5.11.2010 0:24, Samu Varjonen wrote:
> On 10/04/2010 09:56 AM, Samu Varjonen wrote:
>> On 04/10/10 09:54, Samu Varjonen wrote:
>>> On 29/09/10 16:51, Ari Keranen wrote:
>>>> On 09/27/2010 01:01 PM, Samu Varjonen wrote:
>>>>> On 23/09/10 16:37, Ari Keranen wrote:
>>>>>> Format:
>>>>>> Issuer: CN=hit-of-host
>>>>>> Subject: CN=hit-of-host
>>>>>>
>>>>>> X509v3 extensions:
>>>>>> X509v3 Issuer Alternative Name:
>>>>>> IP Address:HIT-OF-HOST
>>>>>> X509v3 Subject Alternative Name:
>>>>>> IP Address:HIT-OF-HOST
>>>>>>
>>>>>> From here (and especially from the example) one gets the idea that the
>>>>>> exact same information would be there 4 times. The issuer and subject
>>>>>> can be (and often are?) different, right?
>>>>>>
>>>>>
>>>>> The answer is above the example.
>>>>>
>>>>> "
>>>>> If only HIP information is presented as either
>>>>> the issuer or the subject the HIT is also placed into the respective
>>>>> entity's DNs Common Name (CN) section in a colon delimited
>>>>> presentation format. *Inclusion of CN is not necessary if DN contains
>>>>> any other information.* It is RECOMMENDED to use the FQDN/NAI from
>>>>> the hosts HOST_ID parameter in the DN if one exists.
>>>>> "
>>>>>
>>>>> Do you think that this needs clarification?
>>>>
>>>> Yes, that would help.
>>>>
>>>> For example, what is meant by "only HIP information" is not really
>>>> clear. Also I guess it should say "DN's" instead of "DNs" in the text.
>>>> And there isn't any text on whether the issuer and subject HITs can be
>>>> different (the text and example implies that they're always identical).
>>>>
>>>
>>> OK, I can change the example to contain different HITs as issuer and
>>> subject and clarify the paragraph.
>>>
>
> Here is the new version:
>
> http://www.cs.helsinki.fi/u/sklvarjo/draft-ietf-hip-cert-04-pre04.txt
>
> Can you check out especially Section 3 to see if the clarifications
> (for the above) work for you, or if you have other suggestions for
> improving the document?

Looks better now, thanks! A few comments still:

In the example, it would be better to use "Format of [...]" instead of 
just "Format".

I mentioned this already earlier in this thread (I recommended 
RFC 5952), but should you be more specific about the presentation format, or 
is anything OK? Or is there some reason not to recommend anything for this?


Cheers,
Ari
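
The certificate layout discussed in this thread (the HIT placed in each DN's CN in text form, the same HIT placed as an iPAddress in subjectAltName and issuerAltName, and issuer and subject being different hosts) and the RFC 5952 presentation-format question, as an added example that is not part of this thread or of the draft: Go code using only the standard library that builds such a certificate from constructed sample HITs and then checks that the textual CN agrees with the binary altName entry. The function names, the sample HITs, the choice of ECDSA P-256 keys and the encoding of issuerAltName via ExtraExtensions are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed sample HITs (ORCHID prefix), not real hosts.
var (
	issuerHIT  = net.ParseIP("2001:10::1")
	subjectHIT = net.ParseIP("2001:10::2")
)

// id-ce-issuerAltName (RFC 5280, 4.2.1.7). Go's template has no field for
// it, so this example adds it as an ExtraExtension.
var oidIssuerAltName = asn1.ObjectIdentifier{2, 5, 29, 18}

// generalNamesIP DER-encodes GeneralNames ::= SEQUENCE OF GeneralName with a
// single iPAddress ([7] OCTET STRING) holding the 16-byte HIT.
func generalNamesIP(ip net.IP) ([]byte, error) {
	name := asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 7, Bytes: ip.To16()}
	return asn1.Marshal([]asn1.RawValue{name})
}

// BuildHITCert creates a certificate issued by one HIP host to another. The
// CN strings are passed in verbatim so that a non-RFC-5952 spelling can be
// tried; the altName entries always carry the binary HIT.
func BuildHITCert(issuerCN, subjectCN string) (*x509.Certificate, error) {
	issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	subjectKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ian, err := generalNamesIP(issuerHIT)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	issuer := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: issuerCN},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
	}
	subject := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: subjectCN},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		IPAddresses:     []net.IP{subjectHIT},                                 // subjectAltName
		ExtraExtensions: []pkix.Extension{{Id: oidIssuerAltName, Value: ian}}, // issuerAltName
	}
	der, err := x509.CreateCertificate(rand.Reader, subject, issuer, &subjectKey.PublicKey, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// HITNameCheck compares the textual CN HITs with the binary altName HITs.
type HITNameCheck struct {
	SubjectMatches, IssuerMatches     bool // CN parses to the same address as the altName
	SubjectCanonical, IssuerCanonical bool // CN text is exactly the RFC 5952 form
}

// issuerAltNameIP returns the first iPAddress GeneralName of issuerAltName.
func issuerAltNameIP(cert *x509.Certificate) (net.IP, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidIssuerAltName) {
			continue
		}
		var names []asn1.RawValue
		if _, err := asn1.Unmarshal(ext.Value, &names); err != nil {
			return nil, err
		}
		for _, n := range names {
			if n.Class == asn1.ClassContextSpecific && n.Tag == 7 && len(n.Bytes) == 16 {
				return net.IP(n.Bytes), nil
			}
		}
	}
	return nil, fmt.Errorf("no iPAddress in issuerAltName")
}

// CheckHITNames parses each CN (any legal IPv6 spelling) and compares it to
// the altName address; the Canonical flags tell whether a plain string
// comparison would also have succeeded, which RFC 5952 text guarantees.
func CheckHITNames(cert *x509.Certificate) (HITNameCheck, error) {
	var r HITNameCheck
	if len(cert.IPAddresses) == 0 {
		return r, fmt.Errorf("no iPAddress in subjectAltName")
	}
	san := cert.IPAddresses[0]
	ian, err := issuerAltNameIP(cert)
	if err != nil {
		return r, err
	}
	subjCN, issCN := net.ParseIP(cert.Subject.CommonName), net.ParseIP(cert.Issuer.CommonName)
	r.SubjectMatches = subjCN != nil && subjCN.Equal(san)
	r.IssuerMatches = issCN != nil && issCN.Equal(ian)
	r.SubjectCanonical = cert.Subject.CommonName == san.String()
	r.IssuerCanonical = cert.Issuer.CommonName == ian.String()
	return r, nil
}

func main() {
	// net.IP.String() yields the RFC 5952 form, so these CNs are canonical.
	cert, err := BuildHITCert(issuerHIT.String(), subjectHIT.String())
	if err != nil {
		panic(err)
	}
	res, err := CheckHITNames(cert)
	if err != nil {
		panic(err)
	}
	fmt.Printf("issuer CN %q, subject CN %q: %+v\n", cert.Issuer.CommonName, cert.Subject.CommonName, res)
}
```

Running the same check on a certificate whose issuer CN was written as "2001:0010::1" still reports IssuerMatches as true (the address is the same) but IssuerCanonical as false: a verifier that compares the CN string byte-for-byte against the altName text would reject it, which is why pinning the presentation format to RFC 5952 matters.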