Re: Last Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC
Paul Hoffman <paul.hoffman@vpnc.org> Fri, 05 June 2009 23:58 UTC
Return-Path: <owner-ietf-pkix@mail.imc.org>
X-Original-To: ietfarch-pkix-archive@core3.amsl.com
Delivered-To: ietfarch-pkix-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DBC153A69F2 for <ietfarch-pkix-archive@core3.amsl.com>; Fri, 5 Jun 2009 16:58:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.266
X-Spam-Level:
X-Spam-Status: No, score=-2.266 tagged_above=-999 required=5 tests=[AWL=-0.267, BAYES_00=-2.599, J_CHICKENPOX_31=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t925fRFZKZA4 for <ietfarch-pkix-archive@core3.amsl.com>; Fri, 5 Jun 2009 16:58:09 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id C5C513A696E for <pkix-archive@ietf.org>; Fri, 5 Jun 2009 16:58:08 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n55N9gYp060066 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 5 Jun 2009 16:09:42 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n55N9guE060065; Fri, 5 Jun 2009 16:09:42 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from [10.20.30.158] (dsl-63-249-108-169.static.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n55N9Y1r060053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 5 Jun 2009 16:09:35 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624080ec64f538fe0bb@[10.20.30.158]>
In-Reply-To: <4A294A2D.9040001@ieca.com>
References: <20090603153330.F25083A6A89@core3.amsl.com> <4A294A2D.9040001@ieca.com>
Date: Fri, 05 Jun 2009 16:09:32 -0700
To: Sean Turner <turners@ieca.com>, ietf@ietf.org, Lydia Zieglar <llziegl@tycho.ncsc.mil>, Jerry Solinas <jasolin@orion.ncsc.mil>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: Last Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC
Cc: pkix <ietf-pkix@imc.org>
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
At 12:39 PM -0400 6/5/09, Sean Turner wrote: >#1 Non-repudiation bit > >During the development of other profiles where the NR bit wasn't set, sometime after the profile gets developed I've usually gotten questions like "so you're not setting N-R can I use it for non-repudiation services?" To answer this question, I sometimes put text in that said yes you can (below). Maybe we should add something like this maybe in the security considerations? > >Note that setting keyCertSign, cRLSign, and digitialSignature also means >that the certificate could be used by applications that require >non-repudiation services for certificate, CRL, and content signing, >respectively. I disagree that this needs to be added, and I certainly don't think this qualifies as a security consideration. The draft already says (three times...) that the nonRepudiation bit MAY be set. >#5 Question: 4.2 Conversion Routine > >Aren't the conversion routines in SEC1 and ANSI X9.62 the same? 5480 >pointed to SEC1 because it was more readily available (online and free >versus online and not free for ANSI). Curious why you chose to point to >3279 and not 5480? 2.3.5 of 3279 points to 4.3.3 and 4.3.6 of ANSI >X9.62. 2.2 of 5480 points to 2.3.1 and 2.3.2 of SEC1G. If we don't >point to 3279 here and the next one, you could delete it as a reference. > That's a good question. It is good for us to point to free and easily-retrieved documents when possible. --Paul Hoffman, Director --VPN Consortium
- Fwd: Last Call: draft-solinas-suiteb-cert-profile… Russ Housley
- Re: Last Call: draft-solinas-suiteb-cert-profile … Sean Turner
- Re: Last Call: draft-solinas-suiteb-cert-profile … Paul Hoffman
- RE: Last Call: draft-solinas-suiteb-cert-profile … Zieglar, Lydia L.