SCVP-28
Tim Polk
November 8, 2006

Current Status
Draft -27 was submitted in June ‘06
– AD requested a revised ID 8/11
– No related discussion on list
– Editors discussion off list
Draft -28 submitted in October ‘06
– Editors rationale for changes posted 10/31

Changes since -27
Two error code definitions generalized
– In draft -27, the codes only allowed the server to indicate that a value of TRUE (e.g., for required explicit policies) is unsupported.
Added new specifiedKeyUsages item to validation policy
– Supports applications that require EKU to be present but don’t accept anyKeyUsage.

Changes since -27, cont’d
Clients may require signed or MACed responses even when using protected transport
– Conflicting text in -27, but implied that servers should not sign responses when communicating with TLS, etc.

Editorial changes since -27
EKU with anyExtendedKeyUsage okay for signing requests & responses
– Draft -27 implied that EKU had to include SCVP client OID
Definition of new extensions does not require a new version number
– Unspecified in -27

Editorial changes since -27, cont’d
Client/Server CMS message types
– Both MUST support signedData and SHOULD support authenticatedData
Query tagging
– Inserted comment in ASN.1 for query to clarify that tag zero is not used

Editorial changes since -27, cont’d
Obtaining key agreement keys
– In section 3, text cites the validation policy response as a source of keys
MIME registration
– Change controller is now IESG
– Still need to:
  Delete unnecessary req’d parameter (format)
  Probably change subtype names

AD Comments Addressed Without Changes
Version handling in validation policy request & response
– Client asserts highest version that it can handle
– Server returns highest version it can generate satisfying client limitations
– AD observed that ASN.1 is not very extensible: changes in the request syntax would cause failures
– Editors response: request syntax is expected to be stable

AD Comments Addressed Without Changes, cont’d
Server handling of unrecognized flags is unclear in and
– Editors cited the text in section 4 that addresses handling of unrecognized flags

AD Comments Addressed Without Changes, cont’d
Client discovery of wantBacks/checks support by server
– explains why negotiation is unnecessary:
  Requests assert a single check, so no confusion
  Servers MUST support core wantBacks
  For niche cases from 3779, an out of band relationship is assumed

Open issue
AD: It's not clear that this meets RFC 2026's definition of interoperability.
– Conforming clients will always generate requests that conforming servers can process.
– If the server can not satisfy the request, it will generate an error message that is recognized by the client.
  Clients that request DPV services from a DPD-only server will receive such an error message.
Does this satisfy the interoperability requirements in RFC 2026?

SCVP Discussion on List since Montreal
Encoding of different ASN.1 types when encapsulated within the octet string (7/13)
– No changes required
SCVP ASN.1 “reuse” of structure names (10/20)
– Name collisions with S/MIME ESS and attribute certificate ASN.1 modules
– No changes, but could easily be addressed if WG traffic had indicated support

SCVP Discussion on List since Montreal, cont’d
Unprotected error responses (10/26)
– No changes required
Unexplained (but obvious) error code (11/6)
– Will document and resubmit

Questions?