[pkix] Protocol Action: 'ESSCertIDv2 update for RFC 3161' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Mon, 11 January 2010 17:07 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <20100111170737.988BC3A67E6@core3.amsl.com>
Date: Mon, 11 Jan 2010 09:07:37 -0800
Cc: pkix mailing list <pkix@ietf.org>, pkix chair <pkix-chairs@tools.ietf.org>, Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:

- 'ESSCertIDv2 update for RFC 3161'
   <draft-ietf-pkix-rfc3161-update-09.txt> as a Proposed Standard


This document is the product of the Public-Key Infrastructure (X.509) Working Group. 

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3161-update-09.txt

Technical Summary

The time stamping protocol defined in RFC 3161 requires that the CMS
SignedData (RFC 3852), used to apply a digital signature on the time-stamp
token, include a signed attribute that identifies the signer's
certificate.
This document updates RFC 3161 and allows the use of ESSCertIDv2 defined
in RFC 5035 to specify the hash of a signer certificate when the hash is
calculated with a function other than SHA-1. The update provided by this
draft is motivated by interoperability concerns and to facilitate
migration to other hash algorithms.

Work Group Summary

This draft is the second attempt by the PKIX working group to specify an
update of RFC 3161 to accommodate the ESSCertIDv2 identifier in RFC 3161
time stamps. Prior to this draft, another author (Denis Pinkas) submitted
a draft that would have replaced RFC 3161. The workgroup rejected this
draft on the basis that it introduced many material changes to the
original RFC that were not viewed as necessary. As a result, this very
brief document was created to provide just the necessary updates of
ESSCertIDv2.

The protocol update portions of this document were very simple and not
controversial. The Security Considerations section proved to be a
significant challenge, as WG members demonstrated different opinions
regarding the nature and severity of the threat mitigated by this protocol
update. There was also some disagreement over whether this threat was
within the scope of this document. The WG agreed on the present wording
after considerable debate.

Document Quality

The document is very brief and is clearly written.

Personnel

   Steve Kent is the Document Shepherd and Tim Polk is the
   Responsible Area Director.
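
Added example (not part of the IESG announcement or of the draft): a minimal check of a time-stamp signer certificate against the certificate identifier described in the Technical Summary, covering the SHA-1 ESSCertID of RFC 2634 and the ESSCertIDv2 of RFC 5035, whose hashAlgorithm field defaults to SHA-256 and is therefore absent in DER. The helper names and the stand-in certificate bytes are constructed for illustration; issuerSerial, if present, is not checked.

```python
import hashlib, hmac

# DER content bytes of the SHA-2 OIDs 2.16.840.1.101.3.4.2.{1,2,3}
P = bytes.fromhex("6086480165030402")
OIDS = {"sha256": P + b"\x01", "sha384": P + b"\x02", "sha512": P + b"\x03"}
BY_OID = {oid: name for name, oid in OIDS.items()}

def tlv(tag, value):
    """Encode one DER element (short-form length; enough for these structures)."""
    if len(value) >= 0x80:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one DER element; return (tag, value, next_pos)."""
    tag, n = buf[pos:pos + 2]          # ValueError if the header is truncated
    pos += 2
    if n & 0x80:                       # long-form length
        size = n & 0x7F
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def ess_cert_id_v2(cert_der, alg="sha256"):
    """Build ESSCertIDv2 without issuerSerial; DER omits the DEFAULT (SHA-256)."""
    alg_id = b"" if alg == "sha256" else tlv(0x30, tlv(0x06, OIDS[alg]))
    return tlv(0x30, alg_id + tlv(0x04, hashlib.new(alg, cert_der).digest()))

def cert_matches(ess_der, cert_der, v2=True):
    """Check a signer certificate against an ESSCertID (v2=False) or ESSCertIDv2."""
    tag, body, _ = read_tlv(ess_der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    alg = "sha256" if v2 else "sha1"   # algorithm implied when none is encoded
    tag, val, pos = read_tlv(body)
    if v2 and tag == 0x30:             # explicit AlgorithmIdentifier
        otag, oid, _ = read_tlv(val)
        if otag != 0x06 or oid not in BY_OID:
            raise ValueError("unsupported hash algorithm")
        alg = BY_OID[oid]
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected certHash OCTET STRING")
    return hmac.compare_digest(val, hashlib.new(alg, cert_der).digest())

CERT = b"constructed stand-in for a DER-encoded TSA certificate"
```

An ESSCertIDv2 with the default algorithm has the same shape as an ESSCertID, so the caller must pass `v2` according to which signed attribute (signing-certificate or signing-certificate-v2) carried the identifier.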