Re: [sidr] revising Section 7.2 of RFC 6487

Geoff Huston <gih@apnic.net> Wed, 29 June 2016 02:07 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <f989d80e-2538-8b02-fc65-7a2cbf6a57ca@bbn.com>
Date: Wed, 29 Jun 2016 12:07:41 +1000
Message-ID: <4C5B2CAA-58AC-4A12-8C30-03FA4CB42BB2@apnic.net>
References: <bc4f2d97-e858-c834-b8c1-241f1cb0ed3a@bbn.com> <F5A6EBD6-49A8-4FBB-8039-53B09F4E0B9E@apnic.net> <f989d80e-2538-8b02-fc65-7a2cbf6a57ca@bbn.com>
To: Stephen Kent <kent@bbn.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/r2Si5GDUS_MKleCdboHfzcyEqGE>
Cc: sidr <sidr@ietf.org>
Subject: Re: [sidr] revising Section 7.2 of RFC 6487
List-Id: Secure Interdomain Routing <sidr.ietf.org>

Thanks! I am now very comfortable with your text on this.

   Geoff

> On 29 Jun 2016, at 3:39 AM, Stephen Kent <kent@bbn.com> wrote:
> 
> Geoff,
> 
> Thanks for reviewing the text.
> 
> I modified the text to change "current VRS-IP" to be "... the value of the VRS-IP computed for certificate x-1" as per your suggestion. I also made this change for the corresponding VRS-AS text.
> 
> I don't think we need to add a note about validation being performed "top down" since bullet B already says: "certificate '1' is a trust anchor".
> 
> Steve
>> FWIW, I like this formulation Steve.
>> 
>> Possibly when you refer to "the current value of the VRS-IP" you may want to explicitly refer to the VRS-IP of certificate x-1 rather than "current".
>> 
>> I also wonder if it is worth noting that the enumerated steps outlined here are intended to be performed “top down” - i.e. from a trust anchor to the certificate to be validated.
>> 
>> regards,
>> 
>>   Geoff
>>
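The point the two messages above settle is that the verified resource set for certificate x must be derived from the VRS-IP already computed for certificate x-1, walking the path top down from the trust anchor, rather than from some loosely defined "current" value. The following is an added illustration of that walk and is not text or code from the thread, from RFC 6487 or from the revised section. It assumes the validation-reconsidered semantics: the trust anchor's IP resources seed the set, the VRS-IP of certificate x is the intersection of certificate x's IP resources with the VRS-IP of certificate x-1, and any prefix the certificate claims outside the VRS-IP of x-1 is reported as an over-claim rather than failing the whole path. The certificate chain, prefixes and names are constructed sample data; only the IP resource extension is modelled, not the signature or AS-number checks.

```python
"""Top-down VRS-IP computation along an RPKI certification path.

Added example (not from the sidr thread or RFC 6487). Assumed semantics:
  VRS-IP(1)   = IP resources of the trust anchor (certificate 1)
  VRS-IP(x)   = IP resources of certificate x  INTERSECT  VRS-IP(x-1)
  over(x)     = IP resources of certificate x not covered by VRS-IP(x-1)
The walk always reads VRS-IP(x-1), never a mutable "current" value.
"""
from ipaddress import ip_network, collapse_addresses
from typing import List, Tuple

Nets = list  # list of IPv4Network/IPv6Network objects


def _collapse(nets: Nets) -> Nets:
    """Merge duplicates and adjacent prefixes, one address family at a time
    (collapse_addresses refuses mixed families)."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return sorted(collapse_addresses(v4)) + sorted(collapse_addresses(v6))


def _intersect(a: Nets, b: Nets) -> Nets:
    """Prefixes covered by both lists: for every overlapping pair keep the
    more-specific prefix, which is exactly the part present in both."""
    out = []
    for x in a:
        for y in b:
            if x.version != y.version:
                continue
            if x.subnet_of(y):
                out.append(x)
            elif y.subnet_of(x):
                out.append(y)
    return _collapse(out)


def _uncovered(nets: Nets, cover: Nets) -> Nets:
    """Prefixes in nets with no covering prefix in cover (the over-claim).
    Simplification: a prefix that is only partly covered is reported whole."""
    return [n for n in nets
            if not any(n.version == c.version and n.subnet_of(c) for c in cover)]


def compute_vrs_ip(chain: List[Tuple[str, List[str]]]):
    """chain is ordered top down: chain[0] is the trust anchor (certificate 1).
    Returns one (name, vrs_ip, over_claimed) tuple per certificate."""
    if not chain:
        raise ValueError("empty certification path")
    results = []
    ta_name, ta_resources = chain[0]
    vrs_prev = _collapse([ip_network(p) for p in ta_resources])  # VRS-IP(1)
    results.append((ta_name, vrs_prev, []))
    for name, resources in chain[1:]:
        claimed = [ip_network(p) for p in resources]
        vrs = _intersect(claimed, vrs_prev)        # VRS-IP(x) from VRS-IP(x-1)
        over = _uncovered(claimed, vrs_prev)       # what x claims beyond x-1
        results.append((name, vrs, over))
        vrs_prev = vrs                             # becomes VRS-IP(x-1) for x+1
    return results


# Constructed sample path: TA -> intermediate CA -> subordinate CA.
# The subordinate claims 10.3.0.0/16, which its issuer was never verified for.
SAMPLE_CHAIN = [
    ("TA",  ["10.0.0.0/8", "2001:db8::/32"]),
    ("CA1", ["10.1.0.0/16", "10.2.0.0/16", "2001:db8:1::/48"]),
    ("CA2", ["10.1.0.0/24", "10.3.0.0/16", "2001:db8:1::/64"]),
]

if __name__ == "__main__":
    for name, vrs, over in compute_vrs_ip(SAMPLE_CHAIN):
        print(f"{name}: VRS-IP={[str(n) for n in vrs]} over-claimed={[str(n) for n in over]}")
```

Because the loop carries `vrs_prev` forward explicitly, the value used for certificate x is unambiguously the VRS-IP computed for x-1, which is what the revised wording pins down; running the block shows CA2's VRS-IP shrinking to the prefixes CA1 was actually verified for, with 10.3.0.0/16 reported separately as an over-claim instead of invalidating the whole path.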