IETF Logo Mail Archive

Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Sat, 27 September 2008 09:11 UTC

Return-Path: <netconf-bounces@ietf.org>
X-Original-To: netconf-archive@lists.ietf.org
Delivered-To: ietfarch-netconf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D86193A6A96; Sat, 27 Sep 2008 02:11:11 -0700 (PDT)
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2AEDF3A69EB for <netconf@core3.amsl.com>; Sat, 27 Sep 2008 02:11:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYd3P3kes8Eu for <netconf@core3.amsl.com>; Sat, 27 Sep 2008 02:11:10 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by core3.amsl.com (Postfix) with ESMTP id 19F2A3A6A17 for <netconf@ietf.org>; Sat, 27 Sep 2008 02:11:10 -0700 (PDT)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id 05724C0086; Sat, 27 Sep 2008 11:10:49 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id XM9FHcKRnlek; Sat, 27 Sep 2008 11:10:42 +0200 (CEST)
Received: from elstar.local (elstar.iuhb02.iu-bremen.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 86E6BC0079; Sat, 27 Sep 2008 11:10:42 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 681827BAF25; Sat, 27 Sep 2008 11:10:42 +0200 (CEST)
Date: Sat, 27 Sep 2008 11:10:42 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: badra@isima.fr
Message-ID: <20080927091042.GB431@elstar.local>
Mail-Followup-To: badra@isima.fr, mehmet.ersue@nsn.com, netconf@ietf.org
References: <50947.88.164.98.77.1222460713.squirrel@www.isima.fr>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <50947.88.164.98.77.1222460713.squirrel@www.isima.fr>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: netconf@ietf.org
Subject: Re: [Netconf] WGLC for draft-ietf-netconf-tls-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: j.schoenwaelder@jacobs-university.de
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: netconf-bounces@ietf.org
Errors-To: netconf-bounces@ietf.org

On Fri, Sep 26, 2008 at 10:25:13PM +0200, badra@isima.fr wrote:
 
> OLD:
> 
>    Section 3.1 describes how the client authenticates the server if
>    public key certificates are provided by the server, section 3.2
>    describes how the server authenticates the client if public key
>    certificates are provided by the client, and section 3.3 describes how
>    the client and server mutually authenticate one another using a pre-
>    shared key (PSK).
> 
> NEW:
> 
>    Section 3.1 describes how the client authenticates the server if
>    public key certificates are provided by the server, section 3.2
>    describes how the server authenticates the client if public key
>    certificates are provided by the client, and section 3.3 describes how
>    the client and server MAY mutually authenticate one another using a
>    pre-shared key (PSK). ^^^

OK

> OLD:
> 
>    A compliant implementation of the protocol specified in this document
>    MUST implement the cipher suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA and
>    MAY implement any TLS cipher suite that provides mutual authentication.
> 
> NEW:
> 
>    A compliant implementation of the protocol specified in this document
>    MAY implement any TLS cipher suite that provides mutual authentication.
> 
>    For authentication based on PSKs, a compliant implementation MUST
>    implement the cipher suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA.

I suggest to add "[RFC4279]" to end of the sentence so that it is easy
to find the definition.

>    Fro authentication based on public key certificates, a compliant
>    implementation MUST implement the 'mandatory cipher suite' specified by
>    each TLS version (e.g.  with TLS 1.2, the mandotary cipher suite is
>    TLS_RSA_WITH_AES_128_CBC_SHA).

Please s/Fro/For and add "[RFC 5246]" as a service to the readers.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email