3280bis David Cooper. Changes Since Draft 02 ● Section 1 (Introduction): Replaced text highlighting changes between RFC 2459 and 3280 with text highlighting.

Slides:

Advertisements

Similar presentations

IETF 71 Philadelphia - ENUM IANA Registration of Enumservices: Guide, Template and IANA Considerations draft-ietf-enum-enumservices-guide-08 B. Hoeneisen.

Advertisements

Dynamic Symmetric Key Provisioning Protocol (DSKPP)

RPKI Certificate Policy Status Update Stephen Kent.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

OTP-ValidationService: Summary, Status, and Next Steps OTPS Workshop, February 2006.

Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

CRL Processing Rules Santosh Chokhani November 2004.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Fed/Ed PKI 2008, June Subject Unique Identifier or Equivalent William A. Weems & Mark B. Jones Academic Technology U. Texas Health Science Center at Houston.

RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.

MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.

Modeling & Designing the Database

MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

Warranty Certificate Extension draft-ietf-pkix-warranty-extn th IETF Meeting November 2002.

1 Update on draft-ietf-smime-cades Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.

RFC 3039 bis Qualified Certificates Profile Changes from RFC 3039.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Software School of Hunan University Database Systems Design Part III Section 5 Design Methodology.

CSCI 3140 Module 2 – Conceptual Database Design Theodore Chiasson Dalhousie University.

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

KMIP 1.3 Deprecation February 20, Deprecation 5.1 KMIP Deprecation Rule Items in the normative KMIP Specification [KMIP-Spec] document can be marked.

Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.

SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01.

1 SeGW Certificate profile (Revised) 3GPP2 TSG-S WG4 /TSG-X WG5 (PDS) S X xx Source: QUALCOMM Incorporated Contact(s): Anand.

Comments on draft-ietf-pkix-scvp-19.txt IETF Meeting Paris - August 2005 Denis Pinkas

Jimmy C. Tseng Assistant Professor of Electronic Commerce

Rfc3280bis-00 David Cooper, NIST Tim Polk, NIST. Development Process ● October 2004: Tim Polk requested that people submit any issues that needed to be.

UTF8String Deployment Status and Migration Plan Akira KANAOKA Challenge PKI Project Japan Network Security Association Sponsored by IT Promotion Agency,

Manifests (and Destiny?) Stephen Kent BBN Technologies.

29 October 2001Terena TF-LSD1 Certificate Retrieval With OpenLDAP David Chadwick.

KMIP Support for PGP Things to take out Things to put in.

Constraints Lesson 8. Skills Matrix Constraints Domain Integrity: A domain refers to a column in a table. Domain integrity includes data types, rules,

SonOf3039 Status Russ Housley Security Area Director.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

IETF68 DIME WG Open Issues for RFC3588bis Victor Fajardo (draft-ietf-dime-rfc3588bis-02.txt)

Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

LDAP for PKI Problems Cannot search for particular certificates or CRLs Cannot retrieve particular certificates or CRLs.

RPKI Certificate Policy Status Update Stephen Kent.

RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.

Keyprov PSKC spec Philip Hoyer 71-st IETF, Philadelphia.

Draft FAR Changes Part of a Quality Team Report. Draft FAR Changes LEGEND. Above the FAR text, a legend shows the date of the team report, type of rule,

Keyprov PSKC spec Philip Hoyer 71-st IETF, Philadelphia.

Security on Grid: User Interface, Internals and APIs Simone Campana LCG Experiment Integration and Support CERN IT.

CDB Chris Bonatti (IECA, Inc.) Tel: (+1) Proposed PKI4IPSEC Certificate Management Requirements Document IETF #60 – PKI4IPSEC Working.

SCVP-28 Tim Polk November 8, Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors.

Constraints Advanced Database Systems Dr. AlaaEddin Almabhouh.

SDP draft-ietf-mmusic-sdp-new-21.txt Colin Perkins.

PerfSONAR Schema and Topology Martin Swany. Schema Key Goals: Extensibility, Normalization, Readability Break representation of performance measurements.

Trust Anchor Management Problem Statement

ICM, University of Warsaw

draft-ietf-geopriv-lbyr-requirements-02 status update

Determine Applicability of Certificates by using standard CABF CP OIDs

P. Psenak, S.Previdi, C. Filsfils – Cisco W. Henderickx – Nokia

News from the wonderful world of directories

Resource Certificate Profile

Post WG LC NMDA datastore architecture draft

S-127 – Marine Traffic Management Release Candidate NIPWG 6 30 January 2019 Raphael Malyankar Eivind Mong Sponsored by IHO.

Recap At IETF 97 we presented the Voucher document for the first time as an ANIMA draft Bootstrapping Design team has met weekly since, about 50% discussion.

BPSec: AD Review Comments and Responses

Comparison of NMDA datastores draft-ietf-netmod-nmda-diff-02

Presentation transcript:

3280bis David Cooper

Changes Since Draft 02 ● Section 1 (Introduction): Replaced text highlighting changes between RFC 2459 and 3280 with text highlighting changes between RFC 3280 and 3280bis. ● Sections and (issuer and subject): Added text about using TeletexString, BMPString, and UniversalString in names of new CAs and end entities that are joining an existing domain where those encodings are already in use  Alignment with draft-ietf-pkix-cert-utf8-03.txt

Changes Since Draft 02 ● Section (Extended Key Usage): Clarified that an application that requires the presence of an EKU extension with a particular OID is not required to accept the presence of anyExtendedKeyUsage as a match. ● Section 6.2 (Using the Path Validation Algorithm): Removed paragraph about extending path validation algorithm to conform to PEM rules.

Changes Since Draft 02 ● Added to Security Considerations text about  risks involving different strings with similar visual representations  risk of circular dependencies when using an HTTPS URI in cRLDistributionsPoints, authorityInfoAccess, or subjectInfoAccess extensions. ● Section 7 (Rules for Processing Internationalized Names): Clarified that strings are prepared as “stored” prior to comparison. ● Updated references section.

Open Issues ● Should 3280bis forbid conforming CAs from imposing name constraints on the x400Address, ediPartyName, and registeredID name forms? ● Include guidance on handling/avoiding circular dependencies in certificate status checking? ● Escape clause?