Re: [secdir] SecDir review of draft-ietf-hip-rfc6253-bis-08

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Fri, 24 June 2016 14:01 UTC

Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EBAB12D0C8; Fri, 24 Jun 2016 07:01:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.221
X-Spam-Level:
X-Spam-Status: No, score=-104.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rWiY42ny6ui; Fri, 24 Jun 2016 07:01:38 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43E1112DB40; Fri, 24 Jun 2016 07:01:17 -0700 (PDT)
X-AuditID: c1b4fb2d-f79936d0000030e4-90-576d3d2b7472
Received: from ESESSHC004.ericsson.se (Unknown_Domain [153.88.183.30]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id B5.1E.12516.B2D3D675; Fri, 24 Jun 2016 16:01:15 +0200 (CEST)
Received: from [148.135.149.68] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.32) with Microsoft SMTP Server id 14.3.294.0; Fri, 24 Jun 2016 16:01:14 +0200
To: Sean Turner <sean@sn3rd.com>, <secdir@ietf.org>, The IESG <iesg@ietf.org>, <draft-ietf-hip-rfc6253-bis.all@ietf.org>
References: <915CE941-46AF-466F-A2B6-294AE387C538@sn3rd.com>
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Message-ID: <d6eecbd3-0afe-38de-b98c-cb22d15fdd64@ericsson.com>
Date: Fri, 24 Jun 2016 17:01:14 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <915CE941-46AF-466F-A2B6-294AE387C538@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrDLMWRmVeSWpSXmKPExsUyM2K7nK62bW64wb+lKhZT139mt5jxZyKz xZVVjcwWHxY+ZHFg8Viy5CeTx8GDjAFMUVw2Kak5mWWpRfp2CVwZz282sxQ0sFese3mTsYHx FmsXIyeHhICJxIrLvcwQtpjEhXvr2boYuTiEBI4wSix82cwC4axhlHi8YjY7SJWwgLXE6fVd YLaIQJXEtndXwSYJCdhIdKxZA2azCVhIbLl1nwXE5hWwlzi+8xpYPYuAqsSqN//B4qICMRKN tw+zQ9QISpyc+QQszilgK3Hn+yegOAcHs4CmxPpd+iBhZgF5ieats5khVmlLLH/WwjKBUWAW ku5ZCB2zkHQsYGRexShanFpcnJtuZKyXWpSZXFycn6eXl1qyiREYpge3/Nbdwbj6teMhRgEO RiUe3gXKOeFCrIllxZW5hxglOJiVRHhDbXLDhXhTEiurUovy44tKc1KLDzFKc7AoifP6v1QM FxJITyxJzU5NLUgtgskycXBKNTBqMvz1rNa7HF10a2bmlIzVMh7yLP8DHzm2l4SzLZFWk2Hf 7hvxMoip8O6pD19zzjWflmKcXCK14MjHSWvEs4pywgzm7NjHOd/w4qkbjRsTTiSIFXXopZf7 t9qozZ+74rvZg+Ddby9+DfykHmezT5Az+rjhbxO2NXKBC5ymOj6fOZvLQECf8ZMSS3FGoqEW c1FxIgCihcgMTwIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KZJRx-e4pxvzv8G5JQAvY2jBnaE>
Subject: Re: [secdir] SecDir review of draft-ietf-hip-rfc6253-bis-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jun 2016 14:01:41 -0000

Thanks for the review, Sean!

Gonzalo

On 24/06/2016 4:23 PM, Sean Turner wrote:
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> This document specifies the certificate parameter and the error signaling in case of a failed verification.  Additionally, this document specifies the representations of Host Identity Tags in X.509 version 3 (v3).  This version deprecates the SPKI representations, makes use IAN and SAN SHOULD vice MUST, treats all revocation reasons as “revoked”, and doesn’t require that the entire cert path be sent.
> 
> Summary: Ship-It.
> 
> Comments: None.
> 
> spt
>