draft-ietf-hip-rfc6253-bis-07.txt | draft-ietf-hip-rfc6253-bis-08.txt | |||
---|---|---|---|---|
Host Identity Protocol T. Heer | Host Identity Protocol T. Heer | |||
Internet-Draft Albstadt-Sigmaringen University | Internet-Draft Albstadt-Sigmaringen University | |||
Obsoletes: 6253 (if approved) S. Varjonen | Obsoletes: 6253 (if approved) S. Varjonen | |||
Updates: 7401 (if approved) University of Helsinki | Updates: 7401 (if approved) University of Helsinki | |||
Intended status: Standards Track February 26, 2016 | Intended status: Standards Track April 22, 2016 | |||
Expires: August 29, 2016 | Expires: October 24, 2016 | |||
Host Identity Protocol Certificates | Host Identity Protocol Certificates | |||
draft-ietf-hip-rfc6253-bis-07 | draft-ietf-hip-rfc6253-bis-08 | |||
Abstract | Abstract | |||
The Certificate (CERT) parameter is a container for digital | The Certificate (CERT) parameter is a container for digital | |||
certificates. It is used for carrying these certificates in Host | certificates. It is used for carrying these certificates in Host | |||
Identity Protocol (HIP) control packets. This document specifies the | Identity Protocol (HIP) control packets. This document specifies the | |||
certificate parameter and the error signaling in case of a failed | certificate parameter and the error signaling in case of a failed | |||
verification. Additionally, this document specifies the | verification. Additionally, this document specifies the | |||
representations of Host Identity Tags in X.509 version 3 (v3). | representations of Host Identity Tags in X.509 version 3 (v3). | |||
skipping to change at page 1, line 46 ¶ | skipping to change at page 1, line 46 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on August 29, 2016. | This Internet-Draft will expire on October 24, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
skipping to change at page 3, line 15 ¶ | skipping to change at page 3, line 15 ¶ | |||
The CERT parameter can be used in all HIP packets. However, using it | The CERT parameter can be used in all HIP packets. However, using it | |||
in the first Initiator (I1) packet is NOT RECOMMENDED because it can | in the first Initiator (I1) packet is NOT RECOMMENDED because it can | |||
increase the processing times of I1s, which can be problematic when | increase the processing times of I1s, which can be problematic when | |||
processing storms of I1s. Each HIP control packet MAY contain | processing storms of I1s. Each HIP control packet MAY contain | |||
multiple CERT parameters each carrying one certificate. These | multiple CERT parameters each carrying one certificate. These | |||
parameters MAY be related or unrelated. Related certificates are | parameters MAY be related or unrelated. Related certificates are | |||
managed in CERT groups. A CERT group specifies a group of related | managed in CERT groups. A CERT group specifies a group of related | |||
CERT parameters that SHOULD be interpreted in a certain order (e.g., | CERT parameters that SHOULD be interpreted in a certain order (e.g., | |||
for expressing certificate chains). Ungrouped certificates exhibit a | for expressing certificate chains). Ungrouped certificates exhibit a | |||
unique CERT group field and set the CERT count to 1. CERT parameters | unique CERT group field and set the CERT count to 1. CERT parameters | |||
with the same CERT group number in the group field indicate a logical | with the same group number in the CERT group field indicate a logical | |||
grouping. The CERT count field indicates the number of CERT | grouping. The CERT count field indicates the number of CERT | |||
parameters in the group. | parameters in the group. | |||
CERT parameters that belong to the same CERT group MAY be contained | CERT parameters that belong to the same CERT group MAY be contained | |||
in multiple sequential HIP control packets. This is indicated by a | in multiple sequential HIP control packets. This is indicated by a | |||
higher CERT count than the amount of CERT parameters with matching | higher CERT count than the amount of CERT parameters with matching | |||
CERT group fields in a HIP control packet. The CERT parameters MUST | CERT group fields in a HIP control packet. The CERT parameters MUST | |||
be placed in ascending order, within a HIP control packet, according | be placed in ascending order, within a HIP control packet, according | |||
to their CERT group field. CERT groups MAY only span multiple | to their CERT group field. CERT groups MAY only span multiple | |||
packets if the CERT group does not fit the packet. A HIP packet MUST | packets if the CERT group does not fit the packet. A HIP packet MUST | |||
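Review bot: The sentence just above the reworded line, "Ungrouped certificates exhibit a unique CERT group field and set the CERT count to 1", still uses "CERT group field" to mean the value the field carries, which the -08 wording ("the same group number in the CERT group field") now keeps separate from the field itself. Suggest "Ungrouped certificates carry a unique group number in the CERT group field" so both sentences use the same terms. In the following paragraph, "the amount of CERT parameters" would read better as "the number of CERT parameters", matching "The CERT count field indicates the number of CERT parameters in the group". Also in that paragraph, "CERT groups MAY only span multiple packets if" mixes a permission keyword with a restriction; "MUST NOT span multiple packets unless the CERT group does not fit the packet" states the constraint unambiguously for implementers.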
skipping to change at page 11, line 17 ¶ | skipping to change at page 11, line 17 ¶ | |||
o Removed the SPKI references from the document. | o Removed the SPKI references from the document. | |||
Changes from version 05 to 06: | Changes from version 05 to 06: | |||
o Addressed the Int-Dir review comments from Korhonen. | o Addressed the Int-Dir review comments from Korhonen. | |||
Changes from version 06 to 07: | Changes from version 06 to 07: | |||
o Addressed the GenArt, OPSdir, SecDir, and IANA comments. | o Addressed the GenArt, OPSdir, SecDir, and IANA comments. | |||
Changes from version 07 to 08: | ||||
o Addresses one editorial nit for CERT group numbers. | ||||
Authors' Addresses | Authors' Addresses | |||
Tobias Heer | Tobias Heer | |||
Albstadt-Sigmaringen University | Albstadt-Sigmaringen University | |||
Poststr. 6 | Poststr. 6 | |||
72458 Albstadt | 72458 Albstadt | |||
Germany | Germany | |||
Email: heer@hs-albsig.de | Email: heer@hs-albsig.de | |||
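Review bot: The new changelog entry "Addresses one editorial nit for CERT group numbers." is in the present tense, while the entries above it use the past tense ("Removed the SPKI references", "Addressed the Int-Dir review comments"). Suggest "Addressed one editorial nit for CERT group numbers." to match.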
End of changes. 5 change blocks. | ||||
5 lines changed or deleted | 9 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |