Hi Richard,

I like the wording of this requirement as it covers the different types
we had in mind to address.

Ciao
        Steffen

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Barnes
> Sent: Friday, May 02, 2008 11:17 PM
> To: Dan York; 'Dan Wing'; IETF SIP List
> Subject: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
> 
> Oops, minor revision to please the cert police (who will 
> notice that trust anchors are not certificates).
> 
> R-CERTS:
> The media security key management protocol MUST NOT constrain 
> the set of trust anchors that a peer can use to validate 
> certificates used in the protocol.
> 
> --RB
> 
> 
> 
> Richard Barnes wrote:
> >> DY> I guess I could see the possibility of a "protocol" being created
> >> where it was mandated that the endpoints had to do a check of a cert
> >> against central public CAs.  That's not what I think we want.  Perhaps
> >> I am using a wider definition of a "protocol" than you are.
> > 
> > Ah, that gives me an idea.  What you're trying to rule out is a
> > protocol that says "You MUST only accept a cert that chains to an
> > issuer X" (where X=Verisign, for example).  What this requirement is
> > really saying is that the protocol needs to stay out of the way of
> > the policy.
> > 
> > So how about this for a requirement:
> > 
> > R-CERTS:
> > The media security key management protocol MUST NOT constrain the set
> > of certificates that can be used as trust anchors in certificate
> > verification.
> > 
> > 
> > --RB
> > 
> > _______________________________________________
> > Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol
> > Use [EMAIL PROTECTED] for questions on current sip
> > Use [EMAIL PROTECTED] for new developments on the application of sip
> > 
> > 
> 