I think there was a desire to allow an overlay to separate the roles of servers distributing configuration files and handling initial enrollment of new nodes or users. But I agree that the text in 10.2 totally confuses the two. We should clarify that. Thanks.
Bruce

2010/12/22 <[email protected]>

> Hi, Julian
>
> I am still confused.
> I don't think the user/node certificate is contained in configuration file
> because configuration file is redistributed by peers.
> The configuration file in Section 10.1 contains the enrollment server's
> URL. However, Section 10.2 suggests using DNS to locate enrollment server
> and downloading configuration file from enrollment server.
>
> BR
> Lichun
>
> jc <[email protected]>
> 2010-12-17 17:44
> To: "[email protected]" <[email protected]>
> Cc: P2PSIP WG <[email protected]>
> Subject: Re: [P2PSIP] Where to get configuration file and certificate?
>
> Sent from my iPhone
>
> On Dec 17, 2010, at 4:08 AM, [email protected] wrote:
>
> According to Section 3.6, configuration file and certificate are obtained
> from configuration server and enrollment server respectively.
> But according to Section 10.2, configuration file is obtained from
> enrollment server.
>
> The enrollment server IS the configuration server. The certificates are
> stored in the configuration file on the enrollment server. So this lingo
> about "configuration server" should be removed or reworded.
>
> BR
> Lichun
>
> jc <[email protected]>
> 2010-12-17 16:54
> To: "[email protected]" <[email protected]>
> Cc: P2PSIP WG <[email protected]>
> Subject: Re: [P2PSIP] Where to get configuration file and certificate?
>
> What are your questions exactly?
>
> dns_srv->connect->get->parse_xml is the flow.
>
> Julian
>
> On Dec 17, 2010, at 1:51 AM, [email protected] wrote:
>
> I am confused about the enrollment in RELOAD base draft.
>
> Section 3.6.1. of RELOAD base draft says:
> " The node does a DNS SRV lookup on the
> overlay name to get the address of a configuration server. It can
> then connect to this server with HTTPS to download a configuration
> document which contains the basic overlay configuration parameters as
> well as a set of bootstrap nodes which can be used to join the
> overlay."
>
> Section 3.6.2. of RELOAD base draft says:
> "In that case, the
> configuration document will contain the address of an enrollment
> server which can be used to obtain such a certificate."
>
> Section 10.2. of RELOAD base draft says:
> "Once an address and URL for the enrollment server is determined, the
> peer forms an HTTPS connection to that IP address. The certificate
> MUST match the overlay name as described in
> [RFC2818 <http://tools.ietf.org/html/rfc2818>].
> Then the node
> MUST fetch a new copy of the configuration file. To do this, the
> peer performs a GET to the URL. "
>
> BR
> Lichun
>
> --------------------------------------------------------
> ZTE Information Security Notice: The information contained in this mail is
> solely property of the sender's organization. This mail communication is
> confidential. Recipients named above are obligated to maintain secrecy and
> are not permitted to disclose the contents of this communication to others.
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the originator of the
> message. Any views expressed in this message are those of the individual
> sender.
> This message has been scanned for viruses and Spam by ZTE Anti-Spam system.
>
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
