The main change to the draft is the addition of some stronger crypto - namely AES and SHA256. Deployments can use either SHA1 or SHA256. Given some of the attacks on SHA1 since the time this draft was in started, the security folks feel it is best to have SHA256 as well as SHA1. We also added pointers to other IETF documents that give advice on storing private keys on devices and removed a requirement around the names in self signed certificates as that added no security and reduced which certificates could be used.
Cullen On Sep 21, 2010, at 12:22 PM, Robert Sparks wrote: > All - > > The last discuss on draft-ietf-sip-certs has cleared. The draft received a > few substantial > changes as a result of IESG evaluation. I'd like folks to look through what's > changed before > approving the document. > > Please look over draft-ietf-sip-certs-15 and comment before Sep 30. > This diff, in particular, highlights the changes due to IESG evaluation: > <http://tools.ietf.org/rfcdiff?url1=draft-ietf-sip-certs-11&difftype=--hwdiff&submit=Go!&url2=draft-ietf-sip-certs-15> > > Thanks, > > RjS _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is essentially closed and only used for finishing old business. Use [email protected] for questions on how to develop a SIP implementation. Use [email protected] for new developments on the application of sip. Use [email protected] for issues related to maintenance of the core SIP specifications.
