Re: [Gen-art] new version of draft-ietf-tcpm-rfc3782-bis posted

2012-01-24 Thread Henderson, Thomas R
Ben, thanks for following up-- inline below. > -Original Message- > From: Ben Campbell [mailto:b...@estacado.net] > Sent: Tuesday, January 24, 2012 1:58 PM > To: Henderson, Thomas R > Cc: Russ Housley; David Harrington; tcpm-cha...@tools.ietf.org; draft- > ietf-tcpm-rfc3782-...@tools.ietf.

Re: [Gen-art] new version of draft-ietf-tcpm-rfc3782-bis posted

2012-01-24 Thread Ben Campbell
(Adding Gen-ART to the CC List) Hi Tom, Thanks for the response. Further comments inline. I've removed sections that don't seem to need further comment. On Jan 20, 2012, at 5:58 PM, Henderson, Thomas R wrote: […] >> >> -- Appendix A refers the reader back to RFC 3782 for additional >> inf

Re: [Gen-art] Gen-ART Last Call Review of draft-ietf-sieve-include-13

2012-01-24 Thread Ben Campbell
Hi Aaron, Based on discussion and revision 14, I think all my concerns are resolved save one (which I think is pretty much editorial at this point): On Dec 19, 2011, at 2:46 PM, Ben Campbell wrote: […] > > >> >> -- section 3.4.1, paragraph 5: "If a "global" command is given the name of a

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread Brian Trammell
Hi, Peter, Alexey, all, Thanks for the suggestion on fixing the ambiguity in "use" -- that was bothering me a bit, too... Okay, so how about straight NOT RECOMMENDED, which would make the whole paragraph: RID systems MUST verify the identity of their peers against that stored in the ce

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread kathleen.moriarty
I agree, the guidance in RFC6125 Section 2.4 is pretty clear and should just be referenced if we go this route. I do have a question out to a practitioner to see if we need to allow anything other than DNS-IDs. She did say support is good in CAs, maybe it is OK to require DNS-IDs. She will be

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread Peter Saint-Andre
On 1/24/12 9:59 AM, Alexey Melnikov wrote: > On 24/01/2012 16:45, Peter Saint-Andre wrote: >> On 1/24/12 2:25 AM, Brian Trammell wrote: >>> Hi, Alexey, >>> >>> So far only one voice on the WG list, stating no need for CN-ID. >>> However, on thinking about it a bit further, if you happen to have an

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread Alexey Melnikov
On 24/01/2012 16:45, Peter Saint-Andre wrote: On 1/24/12 2:25 AM, Brian Trammell wrote: Hi, Alexey, So far only one voice on the WG list, stating no need for CN-ID. However, on thinking about it a bit further, if you happen to have an older PKI built out, and you're still using it, you've pro

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread Peter Saint-Andre
On 1/24/12 2:25 AM, Brian Trammell wrote: > Hi, Alexey, > > So far only one voice on the WG list, stating no need for CN-ID. However, on > thinking about it a bit further, if you happen to have an older PKI built > out, and you're still using it, you've probably got a large investment in it, >

[Gen-art] Gen-ART LC review of draft-harkins-ipsecme-spsk-auth-06

2012-01-24 Thread Roni Even
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at . Please resolve these comments along with any other Last Call comments you may receive. Document: draft-harkins-ipsecme-spsk-auth-06

Re: [Gen-art] Gen-ART last call review of draft-ietf-mile-rfc6046-bis-05

2012-01-24 Thread Brian Trammell
Hi, Alexey, So far only one voice on the WG list, stating no need for CN-ID. However, on thinking about it a bit further, if you happen to have an older PKI built out, and you're still using it, you've probably got a large investment in it, and it probably makes sense to allow you to use it for