Re: [secdir] Secdir review of draft-ietf-sidr-algorithm-agility-08

"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Mon, 17 December 2012 16:02 UTC

From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: "Brian Weis (bew)" <bew@cisco.com>
Thread-Topic: Secdir review of draft-ietf-sidr-algorithm-agility-08
Thread-Index: AQHN2Z7mAg8yZfnng0akBXDnVBP64pgYjNAAgABvmACABJTigA==
Date: Mon, 17 Dec 2012 16:02:57 +0000
Message-ID: <EF4348D391D0334996EE9681630C83F021FF7BAE@xmb-rcd-x02.cisco.com>
References: <2D9BAC01-1B3C-4D5A-84AD-CD8CA8FCCAE3@cisco.com> <EF4348D391D0334996EE9681630C83F021FEC7B8@xmb-rcd-x02.cisco.com> <1BC70302-9D09-479C-B9A6-01F9C70F70DF@cisco.com>
In-Reply-To: <1BC70302-9D09-479C-B9A6-01F9C70F70DF@cisco.com>
Cc: "<draft-ietf-sidr-algorithm-agility.all@tools.ietf.org>" <draft-ietf-sidr-algorithm-agility.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-sidr-algorithm-agility-08

Hi Brian,

> This sounds like a good clarification. Whereas Suite C product sets may be incomplete (due to expiration of certificates) they are still considered valid until Phase 4 has completed. The only suggestion I might have is to change "remove" to "remove or revoke".

We normally use the term "remove" only, as there are too many combinations for revocation in this case. Please note that Algorithm C will only be deprecated at the next phase, so we are not even asking for the revocation of the material anyway.

Regards,
Roque



> Thanks,
> Brian
> 
>>> Nits:
>>> - Section 3, "Corresponds" definition: s/Resoureces/Resources/
>>> - Section 4.1, "End Of Life (EOL) Date" definition: s/is MUST/MUST/
>>> - Section 7, last paragraph. The final sentence would be clearer if it read "Since Suite C products are being deprecated during Phase 4, a CA may revoke certificates issued under Suite C without revoking them under Suite A." Ignore if you don't agree.
>>> 
>> 
>> Thanks! Will change for next version.
>>
>>> Brian
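The point under discussion above (a CA revoking or letting expire its products under one suite without affecting the products it issued under the other, because a relying party validates each suite's product set on its own) can be shown with a small model. The following is an added illustration, not code from the draft, the IETF, or either author. It assumes a deliberately simplified picture: one product set per algorithm suite, each with its own CRL, and per-suite validation that only consults material of the same suite; the serials, dates and suite labels "A" and "C" are constructed sample values following the labels used in the thread. Real RPKI validation (RFC 6487 path validation, manifests, ROAs) is far richer; only the independence of the two suites is demonstrated here.

```python
"""Toy model of parallel RPKI product sets during an algorithm transition.

Added illustration, not code from draft-ietf-sidr-algorithm-agility.
Assumption for this model: a CA publishes one product set per suite and
each suite carries its own CRL; a relying party validates a suite's
product set only against that suite's own material.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed reference time for the sample runs below.
NOW = datetime(2013, 1, 1, tzinfo=timezone.utc)


@dataclass
class Cert:
    serial: int
    suite: str            # "A" or "C", following the labels used in the thread
    not_after: datetime   # expiry of this certificate


@dataclass
class ProductSet:
    suite: str
    certs: list[Cert] = field(default_factory=list)
    crl: set[int] = field(default_factory=set)   # revoked serials, this suite only

    def revoke(self, serial: int) -> None:
        """CA action: revoke one certificate under this suite only."""
        self.crl.add(serial)


def validate(product_set: ProductSet, now: datetime) -> dict[int, str]:
    """Relying-party view of one suite's product set.

    Returns a per-serial status of 'valid', 'expired' or 'revoked'. Only the
    CRL and certificates of the same suite are consulted (model assumption),
    so nothing done under the other suite can change this result.
    """
    status: dict[int, str] = {}
    for cert in product_set.certs:
        if cert.suite != product_set.suite:
            raise ValueError("product set mixes algorithm suites")
        if cert.serial in product_set.crl:
            status[cert.serial] = "revoked"
        elif cert.not_after <= now:
            status[cert.serial] = "expired"
        else:
            status[cert.serial] = "valid"
    return status


def build_parallel_sets() -> tuple[ProductSet, ProductSet]:
    """Constructed sample: the same two subjects issued under Suite A and Suite C."""
    good_until = datetime(2013, 6, 1, tzinfo=timezone.utc)
    suite_a = ProductSet("A", [Cert(1, "A", good_until), Cert(2, "A", good_until)])
    suite_c = ProductSet("C", [Cert(1, "C", good_until), Cert(2, "C", good_until)])
    return suite_a, suite_c


def demo_revoke_c_only(now: datetime = NOW) -> tuple[dict[int, str], dict[int, str]]:
    """CA revokes serial 2 under Suite C; Suite A products are untouched."""
    suite_a, suite_c = build_parallel_sets()
    suite_c.revoke(2)
    return validate(suite_a, now), validate(suite_c, now)


def demo_incomplete_c_set(now: datetime = NOW) -> tuple[dict[int, str], dict[int, str]]:
    """Suite C cert 1 was never renewed and has expired; Suite A cert 1 is still valid."""
    suite_a, suite_c = build_parallel_sets()
    suite_c.certs[0].not_after = datetime(2012, 12, 1, tzinfo=timezone.utc)
    return validate(suite_a, now), validate(suite_c, now)


if __name__ == "__main__":
    print("revoke under C only:", demo_revoke_c_only())
    print("C set incomplete    :", demo_incomplete_c_set())
```

Both demos return the Suite A status dictionary unchanged while the Suite C dictionary reflects the revocation or expiry, which is the property the suggested Section 7 wording spells out. Whether the transition procedure asks a CA to revoke or merely to stop publishing ("remove") the old-suite material is a policy choice of the draft; this model only shows that either action is confined to the suite it is taken under.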