Re: [Sip] Verifying changes in draft-ietf-sip-certs
Cullen Jennings <fluffy@cisco.com> Tue, 21 September 2010 18:35 UTC
To: SIP List <sip@ietf.org>
Cc: Dean Willis <dean.willis@softarmor.com>

The main change to the draft is the addition of some stronger crypto - namely AES and SHA256. Deployments can use either SHA1 or SHA256. Given some of the attacks on SHA1 since the time this draft was started, the security folks feel it is best to have SHA256 as well as SHA1. We also added pointers to other IETF documents that give advice on storing private keys on devices and removed a requirement around the names in self-signed certificates as that added no security and reduced which certificates could be used.

Cullen

On Sep 21, 2010, at 12:22 PM, Robert Sparks wrote:

> All -
>
> The last discuss on draft-ietf-sip-certs has cleared. The draft received a few substantial
> changes as a result of IESG evaluation. I'd like folks to look through what's changed before
> approving the document.
>
> Please look over draft-ietf-sip-certs-15 and comment before Sep 30.
> This diff, in particular, highlights the changes due to IESG evaluation:
> <http://tools.ietf.org/rfcdiff?url1=draft-ietf-sip-certs-11&difftype=--hwdiff&submit=Go!&url2=draft-ietf-sip-certs-15>
>
> Thanks,
>
> RjS