Presentation is loading. Please wait.

Presentation is loading. Please wait.

SCVP-28 Tim Polk November 8, 2006. Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors.

Published byEthelbert Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "SCVP-28 Tim Polk November 8, 2006. Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors."— Presentation transcript:

1 SCVP-28 Tim Polk November 8, 2006

2 Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors discussion off list Draft -28 submitted in October ‘06 –Editors rationale for changes posted 10/31

3 Changes since -27 Two Error Code Definitions Generalized –In draft -27, the codes only allowed the server to indicate that the a value of TRUE (e.g., for required explicit policies) is unsupported. Added new specified KeyUsages item to validation policy –Supports applications that require EKU to be present but don’t accept anyKeyUsage.

4 Changes Since -27, cont’d Clients may require signed or MACed responses even when using protected transport –Conflicting text in -27, but implied that servers should not sign responses when communicating with TLS, etc.

5 Editorial Changes since -27 EKU with anyExtendedKeyUsage okay for signing requests & responses – Draft -27 implied that EKU had to include SCVP client OID Definition of new extensions does not require a new Version number –Unspecified in -27

6 Editorial Changes since -27 Client/Server CMS message types –Both MUST support signedData and SHOULD support authenticatedData Query tagging –Inserted comment in ASN.1 for query to clarify that tag zero is not used

7 Editorial changes since -27, cont’d Obtaining Key Agreement keys –In section 3, text cites the validation policy response as a source of keys MIME registration –Change controller is now IESG –Still need to: Delete unnecessary req’d parameter (format) Probably change subtype names

8 AD Comments Addressed Without Changes Version handling in validation policy request & response –Client asserts highest version that it can handle –Server returns highest version it can generate satisfying client limitations –AD Observed that ASN.1 is not very extensible Changes in the request syntax would cause failures Editors response –Request syntax is expected to be stable

9 AD Comments Addressed Without Changes, cont’d Server handling of unrecognized flags is unclear in 3.2.4.5 and 3.2.4.6 –Editors cited the text in section 4 that addresses handling of unrecognized flags

10 AD Comments Addressed Without Changes, cont’d Client discovery of wantBacks/checks support by server –Email explains why negotiation is unnecessary Requests assert a single check, so no confusion Servers MUST support core wantBacks For niche cases from 3779, an out of band relationship is assumed

11 Open issue AD: It's not clear that this meets RFC 2026's definition of interoperability. –Conforming clients will always generate requests that conforming servers can process. –If the server can not satisfy the request, it will generate an error message that is recognized by the client. Clients that request DPV services from a DPD-only server will receive such an error message. Does this satisfy the interoperability requirements in RFC 2026?

12 SCVP Discussion on List since Montreal Encoding of different ASN.1 types when encapsulated within the octet string (7/13) –No changes required SCVP ASN.1 “reuse” of structure names (10/20) –Name collisions with S/MIME ESS and attribute certificate ASN.1 modules –No changes, but could easily be addressed if WG traffic had indicated support

13 SCVP Discussion on List since Montreal, cont’d Unprotected error responses (10/26) –No changes required Unexplained (but obvious) error code (11/6) –Will document and resubmit

14 Questions?

Download ppt "SCVP-28 Tim Polk November 8, 2006. Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors."

Similar presentations

Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
SOAP.

SOAP.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.

Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.
Policy-based Accounting Draft Update Tanja Zseby, Sebastian Zander Fraunhofer Institute FOKUS Competence Center for Global Networking (GloNe) [zseby,

Policy-based Accounting Draft Update Tanja Zseby, Sebastian Zander Fraunhofer Institute FOKUS Competence Center for Global Networking (GloNe) [zseby,
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
Trusted Archive Protocol (TAP) Carl Wallace

Trusted Archive Protocol (TAP) Carl Wallace
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
MPLS-TP Linear Protection ietf-mpls-tp-linear-protection Nurit Sprecher Annamaria Fulignoli

MPLS-TP Linear Protection ietf-mpls-tp-linear-protection Nurit Sprecher Annamaria Fulignoli
Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01 55 th IETF Meeting November 2002.

Warranty Certificate Extension draft-ietf-pkix-warranty-extn th IETF Meeting November 2002.
VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;

VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.

Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
Applicability Statement v1.1 Feedback: DirectTrust May 5, 2015.

Applicability Statement v1.1 Feedback: DirectTrust May 5, 2015.
1 Update on draft-ietf-smime-cades-02. 2 Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.

1 Update on draft-ietf-smime-cades Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.
Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.

Requirements for DSML 2.0. Summary RFC 2251 fidelity Represent existing directory protocols with new transport syntax Backwards compatibility with DSML.
S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.

S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.
TLS 1.2 and NIST SP 800-56A Tim Polk November 10, 2006.

TLS 1.2 and NIST SP A Tim Polk November 10, 2006.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Using SCVP to Convey Evidence Records Carl Wallace Orion Security Solutions.

Using SCVP to Convey Evidence Records Carl Wallace Orion Security Solutions.

Similar presentations

Ads by Google