[VIPR] Identity certificate segregation for VIPR
Marc Petit-Huguenin <petithug@acm.org> Tue, 07 February 2012 17:09 UTC
The current version of RELOAD requires that the certificates used contain one or more Node-IDs and one username. This username plays no role in VIPR, so it is not only useless, but can also be a source of privacy leak.

A proposal was made in the p2psip WG some time ago for Identity certificate segregation [1] (see also [2]), but the author is waiting for the final version of RELOAD to publish a draft about this.

My proposal is to say in the RELOAD usage document that VIPR must not use certificates with username, and to put a placeholder for the reference to the upcoming draft about Identity certificate segregation.

Opinions?

Thanks.

[1] http://www.ietf.org/mail-archive/web/p2psip/current/msg06005.html
[2] http://ieeexplore.ieee.org/iel5/4105970/5783356/05783372.pdf?arnumber=5783372

--
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org