Re: [sidr] revising Section 7.2 of RFC 6487

Geoff Huston <gih@apnic.net> Sat, 25 June 2016 14:56 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <bc4f2d97-e858-c834-b8c1-241f1cb0ed3a@bbn.com>
Date: Sun, 26 Jun 2016 00:56:25 +1000
Message-ID: <F5A6EBD6-49A8-4FBB-8039-53B09F4E0B9E@apnic.net>
References: <bc4f2d97-e858-c834-b8c1-241f1cb0ed3a@bbn.com>
To: Stephen Kent <kent@bbn.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/Ia1sojgGihi70AFGFY1iDje7sig>
Cc: sidr <sidr@ietf.org>
Subject: Re: [sidr] revising Section 7.2 of RFC 6487

FWIW, I like this formulation, Steve.

Possibly when you refer to “the current value of the VRS-IP” you may want to explicitly refer to the VRS-IP of certificate x-1 rather than “current”.

I also wonder if it is worth noting that the enumerated steps outlined here are intended to be performed “top down” - i.e. from a trust anchor to the certificate to be validated. 

regards,

  Geoff

> On 25 Jun 2016, at 5:04 AM, Stephen Kent <kent@bbn.com> wrote:
> 
> I've been discussing details of text in the "validation revisited" I-D with Tim, now that he has become the primary editor.  I believe a description of a new validation algorithm will be cleaner and easier to understand if we replace all of section 7.2 in 6487, rather than trying to change just step 6. Most of the text will remain the same, but I've tried to simplify the language where appropriate, to correct a technical error (in describing validity checking), and add text needed to describe the revised alg. I think it makes sense to fix the section while we're updating 6487.  Here is my proposed re-write for this section. I've marked the changed text as bold, and included red comments to explain the rationale for the suggested changes.
> 
> Steve
>