draft-ietf-hip-cert-08.txt | draft-ietf-hip-cert-09.txt |
---|---|
Host Identity Protocol Heer | Host Identity Protocol Heer | |||
Internet-Draft Distributed Systems Group, RWTH | Internet-Draft Distributed Systems Group, RWTH | |||
Intended status: Experimental Aachen University | Intended status: Experimental Aachen University | |||
Expires: July 22, 2011 Varjonen | Expires: July 22, 2011 Varjonen | |||
Helsinki Institute for Information | Helsinki Institute for Information | |||
Technology | Technology | |||
January 18, 2011 | January 18, 2011 | |||
Host Identity Protocol Certificates | Host Identity Protocol Certificates | |||
draft-ietf-hip-cert-08 | draft-ietf-hip-cert-09 | |||
Abstract | Abstract | |||
The CERT parameter is a container for X.509.v3 certificates and | The CERT parameter is a container for X.509.v3 certificates and | |||
Simple Public Key Infrastructure (SPKI) certificates. It is used for | Simple Public Key Infrastructure (SPKI) certificates. It is used for | |||
carrying these certificates in Host Identity Protocol (HIP) control | carrying these certificates in Host Identity Protocol (HIP) control | |||
packets. This document specifies the certificate parameter and the | packets. This document specifies the certificate parameter and the | |||
error signaling in case of a failed verification. Additionally, this | error signaling in case of a failed verification. Additionally, this | |||
document specifies the representations of Host Identity Tags in | document specifies the representations of Host Identity Tags in | |||
X.509.v3 and SPKI certificates. | X.509.v3 and SPKI certificates. | |||
The concrete use of certificates including how certificates are | The concrete use of certificates including how certificates are | |||
obtained, requested, and which actions are taken upon successful or | obtained, requested, and which actions are taken upon successful or | |||
failed verification are specific to the scenario in which the | failed verification are specific to the scenario in which the | |||
certificates are used. Hence, the definition of these scenario- | certificates are used. Hence, the definition of these scenario- | |||
specific aspects are left to the documents that use the CERT | specific aspects are left to the documents that use the CERT | |||
parameter. | parameter. | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. This document may not be modified, | provisions of BCP 78 and BCP 79. | |||
and derivative works of it may not be created, except to format it | ||||
for publication as an RFC or to translate it into languages other | ||||
than English. | ||||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF). Note that other groups may also distribute | |||
other groups may also distribute working documents as Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | ||||
http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
The list of Internet-Draft Shadow Directories can be accessed at | ||||
http://www.ietf.org/shadow.html. | ||||
This Internet-Draft will expire on July 22, 2011. | This Internet-Draft will expire on July 22, 2011. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2011 IETF Trust and the persons identified as the | Copyright (c) 2011 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
skipping to change at page 2, line 24 | skipping to change at page 2, line 15 | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the BSD License. | described in the Simplified BSD License. | |||
This document may contain material from IETF Documents or IETF | ||||
Contributions published or made publicly available before November | ||||
10, 2008. The person(s) controlling the copyright in some of this | ||||
material may not have granted the IETF Trust the right to allow | ||||
modifications of such material outside the IETF Standards Process. | ||||
Without obtaining an adequate license from the person(s) controlling | ||||
the copyright in such materials, this document may not be modified | ||||
outside the IETF Standards Process, and derivative works of it may | ||||
not be created outside the IETF Standards Process, except to format | ||||
it for publication as an RFC or to translate it into languages other | ||||
than English. | ||||
1. Introduction | 1. Introduction | |||
Digital certificates bind a piece of information to a public key by | Digital certificates bind a piece of information to a public key by | |||
means of a digital signature, and thus, enable the holder of a | means of a digital signature, and thus, enable the holder of a | |||
private key to generate cryptographically verifiable statements. The | private key to generate cryptographically verifiable statements. The | |||
Host Identity Protocol (HIP) [RFC5201] defines a new cryptographic | Host Identity Protocol (HIP) [RFC5201] defines a new cryptographic | |||
namespace based on asymmetric cryptography. The identity of each | namespace based on asymmetric cryptography. The identity of each | |||
host is derived from a public key, allowing hosts to digitally sign | host is derived from a public key, allowing hosts to digitally sign | |||
data and issue certificates with their private key. This document | data and issue certificates with their private key. This document | |||
skipping to change at page 13, line 26 | skipping to change at page 13, line 26 | |||
o Removed a the second paragraph in section 8. | o Removed a the second paragraph in section 8. | |||
o Changed the example in Appendix A (Cert created without the | o Changed the example in Appendix A (Cert created without the | |||
leading zeroes in HITs). | leading zeroes in HITs). | |||
Changes from version 07 to 08: | Changes from version 07 to 08: | |||
o Updated and checked the references. | o Updated and checked the references. | |||
Changes from version 08 to 09: | ||||
o Fixing boilerplate. | ||||
Authors' Addresses | Authors' Addresses | |||
Tobias Heer | Tobias Heer | |||
Distributed Systems Group, RWTH Aachen University | Distributed Systems Group, RWTH Aachen University | |||
Ahornstrasse 55 | Ahornstrasse 55 | |||
Aachen | Aachen | |||
Germany | Germany | |||
Phone: +49 241 80 214 36 | Phone: +49 241 80 214 36 | |||
Email: heer@cs.rwth-aachen.de | Email: heer@cs.rwth-aachen.de | |||
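Review bot: the 08-to-09 changelog entry "Fixing boilerplate." should state what was fixed so a reader can confirm that no normative text changed: the Status of this Memo section was moved to the current template (BCP 78/79 wording, datatracker URL replacing the 1id-abstracts.txt and shadow-directory links), "BSD License" became "Simplified BSD License", and the paragraph about material published before November 10, 2008 was dropped. Dropping that paragraph asserts that every contributor has granted the IETF Trust modification rights, which is worth confirming with the authors before publication.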