Re: [Hipsec] Stephen Farrell's Discuss on draft-ietf-hip-rfc5203-bis-10: (with DISCUSS and COMMENT)

2016-08-05 Thread Miika Komu

Hi,

the proposed changes seemed fine at least to me.

P.S. Sorry, got back from holidays this week.

On 08/05/2016 03:42 AM, Julien Laganier wrote:

Hi Stephen,

FYI I've implemented the proposed change in the last draft revision.

Best,

--julien

On Thu, Jul 21, 2016 at 4:22 AM, Stephen Farrell wrote:


Hiya,

That'd be fine for clearing my discuss.

I'd encourage you to also get feedback from the WG though as I
don't think I've ever seen a list of cert handling errors that
was correct first time around:-)

Cheers,
S.



On 20/07/16 16:11, Julien Laganier wrote:

Hi Stephen,

Thanks for reviewing the document.

I think there would be value in making the cause of certificate error
explicit. Would the following change be acceptable?

OLD:

   If the certificate in the parameter is not accepted, the registrar
   MUST reject the corresponding registrations with Failure Type [IANA
   TBD] (Invalid certificate).

NEW:

   If the certificate in the parameter is not accepted, the registrar
   MUST reject the corresponding registrations with the appropriate
   Failure Type:
   [IANA TBD] (Bad certificate): The certificate is corrupt, contains
   invalid signatures, etc.
   [IANA TBD] (Unsupported certificate): The certificate is of an
   unsupported type.
   [IANA TBD] (Certificate expired): The certificate is no longer valid.
   [IANA TBD] (Certificate other): The certificate could not be
   validated for some unspecified reason.
   [IANA TBD] (Unknown CA): The issuing CA certificate could not be
   located or is not trusted.

Please let us know.

Best,

--julien




On Tue, Jul 5, 2016 at 7:01 AM, Stephen Farrell wrote:

Stephen Farrell has entered the following ballot position for
draft-ietf-hip-rfc5203-bis-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5203-bis/



--
DISCUSS:
--


3.3 - This fails to distinguish between an invalid
certificate (e.g. bad signature, unknown signer) and one
that is valid, but is not acceptable for this purpose.  I
don't get why that is ok for HIP, can you explain?  If it
is ok, I think you need to say so. If it is not ok (as I'd
suspect) then you appear to need to change text or one more
new error code.


--
COMMENT:
--


Section 7 - I'm fine that this doesn't repeat stuff
from 5203, but a sentence saying to go look there too
would maybe be good. (I'm not sure if that would fix
Alexey's discuss or not. If not, then ignore me and
just talk to him about his discuss.)






___
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec





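The failure types proposed in this thread, applied as a registrar-side decision procedure; this is an added example, not code from any message in the thread or from the draft. It assumes a toy certificate record with an HMAC standing in for the CA signature, a check order chosen for illustration, and that a certificate which validates but is not acceptable for the registration falls under "Certificate other"; all function and field names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

class Failure(Enum):  # names from the NEW text; numeric values are still [IANA TBD]
    BAD = "Bad certificate"
    UNSUPPORTED = "Unsupported certificate"
    EXPIRED = "Certificate expired"
    OTHER = "Certificate other"
    UNKNOWN_CA = "Unknown CA"

@dataclass
class ToyCert:  # constructed stand-in, not the HIP CERT parameter format
    cert_type: str
    subject: str
    issuer: str
    not_after: int
    sig: bytes = b""

def mac(key: bytes, cert: ToyCert) -> bytes:  # toy only: HMAC stands in for the CA signature
    tbs = f"{cert.cert_type}|{cert.subject}|{cert.issuer}|{cert.not_after}"
    return hmac.new(key, tbs.encode(), hashlib.sha256).digest()

def check(cert, trusted, supported, authorized, now):
    """Return None to accept, else the Failure Type to report (order is an assumption)."""
    if cert.cert_type not in supported:
        return Failure.UNSUPPORTED
    ca_key = trusted.get(cert.issuer)
    if ca_key is None:  # nothing can be verified without a trusted issuer
        return Failure.UNKNOWN_CA
    if not hmac.compare_digest(mac(ca_key, cert), cert.sig):
        return Failure.BAD
    if now > cert.not_after:  # validity is read only after the signature holds
        return Failure.EXPIRED
    if cert.subject not in authorized:  # valid, but not acceptable for this purpose
        return Failure.OTHER
    return None

def demo():
    key, now = b"constructed-ca-key", 1_000_000  # constructed sample values
    trusted, supported, authorized = {"ca.example": key}, {"x509"}, {"host-a"}
    def make(ctype="x509", subj="host-a", issuer="ca.example", exp=now + 60, k=key):
        c = ToyCert(ctype, subj, issuer, exp)
        c.sig = mac(k, c)
        return c
    cases = {"ok": make(), "type": make(ctype="spki"), "ca": make(issuer="rogue.example"),
             "sig": make(k=b"wrong-key"), "old": make(exp=now - 1), "policy": make(subj="host-b")}
    return {n: check(c, trusted, supported, authorized, now) for n, c in cases.items()}
```

The "policy" case is the one the DISCUSS text singles out: the certificate verifies, yet the only code left for it in the proposed list is the catch-all.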


Re: [Hipsec] Stephen Farrell's Discuss on draft-ietf-hip-rfc5203-bis-10: (with DISCUSS and COMMENT)

2016-08-04 Thread Julien Laganier
Hi Stephen,

FYI I've implemented the proposed change in the last draft revision.

Best,

--julien

On Thu, Jul 21, 2016 at 4:22 AM, Stephen Farrell wrote:
>
> Hiya,
>
> That'd be fine for clearing my discuss.
>
> I'd encourage you to also get feedback from the WG though as I
> don't think I've ever seen a list of cert handling errors that
> was correct first time around:-)
>
> Cheers,
> S.
>
>
>
> On 20/07/16 16:11, Julien Laganier wrote:
>> Hi Stephen,
>>
>> Thanks for reviewing the document.
>>
>> I think there would be value in making the cause of certificate error
>> explicit. Would the following change be acceptable?
>>
>> OLD:
>>
>>    If the certificate in the parameter is not accepted, the registrar
>>    MUST reject the corresponding registrations with Failure Type [IANA
>>    TBD] (Invalid certificate).
>>
>> NEW:
>>
>>    If the certificate in the parameter is not accepted, the registrar
>>    MUST reject the corresponding registrations with the appropriate
>>    Failure Type:
>>    [IANA TBD] (Bad certificate): The certificate is corrupt, contains
>>    invalid signatures, etc.
>>    [IANA TBD] (Unsupported certificate): The certificate is of an
>>    unsupported type.
>>    [IANA TBD] (Certificate expired): The certificate is no longer valid.
>>    [IANA TBD] (Certificate other): The certificate could not be
>>    validated for some unspecified reason.
>>    [IANA TBD] (Unknown CA): The issuing CA certificate could not be
>>    located or is not trusted.
>>
>> Please let us know.
>>
>> Best,
>>
>> --julien
>>
>>
>>
>>
>> On Tue, Jul 5, 2016 at 7:01 AM, Stephen Farrell wrote:
>>> Stephen Farrell has entered the following ballot position for
>>> draft-ietf-hip-rfc5203-bis-10: Discuss
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>>
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5203-bis/
>>>
>>>
>>>
>>> --
>>> DISCUSS:
>>> --
>>>
>>>
>>> 3.3 - This fails to distinguish between an invalid
>>> certificate (e.g. bad signature, unknown signer) and one
>>> that is valid, but is not acceptable for this purpose.  I
>>> don't get why that is ok for HIP, can you explain?  If it
>>> is ok, I think you need to say so. If it is not ok (as I'd
>>> suspect) then you appear to need to change text or one more
>>> new error code.
>>>
>>>
>>> --
>>> COMMENT:
>>> --
>>>
>>>
>>> Section 7 - I'm fine that this doesn't repeat stuff
>>> from 5203, but a sentence saying to go look there too
>>> would maybe be good. (I'm not sure if that would fix
>>> Alexey's discuss or not. If not, then ignore me and
>>> just talk to him about his discuss.)
>>>
>>>
>



Re: [Hipsec] Stephen Farrell's Discuss on draft-ietf-hip-rfc5203-bis-10: (with DISCUSS and COMMENT)

2016-07-21 Thread Julien Laganier
Thanks, Stephen.

The HIP WG was CC'd on these emails so participants have seen the
proposal, I will seek their feedback in a separate note.

Best,

--julien

On Thu, Jul 21, 2016 at 4:22 AM, Stephen Farrell wrote:
>
> Hiya,
>
> That'd be fine for clearing my discuss.
>
> I'd encourage you to also get feedback from the WG though as I
> don't think I've ever seen a list of cert handling errors that
> was correct first time around:-)
>
> Cheers,
> S.
>
>
>
> On 20/07/16 16:11, Julien Laganier wrote:
>> Hi Stephen,
>>
>> Thanks for reviewing the document.
>>
>> I think there would be value in making the cause of certificate error
>> explicit. Would the following change be acceptable?
>>
>> OLD:
>>
>>    If the certificate in the parameter is not accepted, the registrar
>>    MUST reject the corresponding registrations with Failure Type [IANA
>>    TBD] (Invalid certificate).
>>
>> NEW:
>>
>>    If the certificate in the parameter is not accepted, the registrar
>>    MUST reject the corresponding registrations with the appropriate
>>    Failure Type:
>>    [IANA TBD] (Bad certificate): The certificate is corrupt, contains
>>    invalid signatures, etc.
>>    [IANA TBD] (Unsupported certificate): The certificate is of an
>>    unsupported type.
>>    [IANA TBD] (Certificate expired): The certificate is no longer valid.
>>    [IANA TBD] (Certificate other): The certificate could not be
>>    validated for some unspecified reason.
>>    [IANA TBD] (Unknown CA): The issuing CA certificate could not be
>>    located or is not trusted.
>>
>> Please let us know.
>>
>> Best,
>>
>> --julien
>>
>>
>>
>>
>> On Tue, Jul 5, 2016 at 7:01 AM, Stephen Farrell wrote:
>>> Stephen Farrell has entered the following ballot position for
>>> draft-ietf-hip-rfc5203-bis-10: Discuss
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>>
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-hip-rfc5203-bis/
>>>
>>>
>>>
>>> --
>>> DISCUSS:
>>> --
>>>
>>>
>>> 3.3 - This fails to distinguish between an invalid
>>> certificate (e.g. bad signature, unknown signer) and one
>>> that is valid, but is not acceptable for this purpose.  I
>>> don't get why that is ok for HIP, can you explain?  If it
>>> is ok, I think you need to say so. If it is not ok (as I'd
>>> suspect) then you appear to need to change text or one more
>>> new error code.
>>>
>>>
>>> --
>>> COMMENT:
>>> --
>>>
>>>
>>> Section 7 - I'm fine that this doesn't repeat stuff
>>> from 5203, but a sentence saying to go look there too
>>> would maybe be good. (I'm not sure if that would fix
>>> Alexey's discuss or not. If not, then ignore me and
>>> just talk to him about his discuss.)
>>>
>>>
>
