ENUM Validation Token Format Definition
draft-ietf-enum-validation-token-04
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
04 | (System) | post-migration administrative database adjustment to the No Objection position for Tim Polk |
2007-11-05
|
04 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2007-11-05
|
04 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2007-11-05
|
04 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2007-10-26
|
04 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2007-10-26
|
04 | (System) | IANA Action state changed to In Progress |
2007-10-25
|
04 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2007-10-25
|
04 | Amy Vezza | IESG state changed to Approved-announcement sent |
2007-10-25
|
04 | Amy Vezza | IESG has approved the document |
2007-10-25
|
04 | Amy Vezza | Closed "Approve" ballot |
2007-08-21
|
04 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2007-08-09
|
04 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Discuss by Tim Polk |
2007-08-09
|
04 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2007-08-09
|
04 | (System) | New version available: draft-ietf-enum-validation-token-04.txt |
2007-07-06
|
04 | (System) | Removed from agenda for telechat - 2007-07-05 |
2007-07-05
|
04 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2007-07-05
|
04 | Cullen Jennings | [Ballot Position Update] Position for Cullen Jennings has been changed to No Objection from Discuss by Cullen Jennings |
2007-07-05
|
04 | Cullen Jennings | [Ballot comment] The idea of the infinite validity seems very scary. I would prefer to see the expirationDate not be optionally. My worry is that, … [Ballot comment] The idea of the infinite validity seems very scary. I would prefer to see the expirationDate not be optionally. My worry is that, it is very likely that expirationDate will not be implemented at all. I think it would be better of the XML for civil address information lined up with the XML for civic location in geopriv. The signature seem to be computed across all the data meaning that the tokendata information can not be removed. I can't decide if this is a bug or a feature. |
2007-07-05
|
04 | Cullen Jennings | [Ballot discuss] |
2007-07-05
|
04 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Chris Newman by IESG Secretary |
2007-07-05
|
04 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Lisa Dusseault by IESG Secretary |
2007-07-05
|
04 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
2007-07-04
|
04 | Cullen Jennings | [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the … [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the ENUM group is constructing an XML based certificate. However the chaining here is very unclear to me. If the registrarID in the token is reg-4711, does the certificate used to sing the token have to have reg-4711 somewhere in it or will just any certificate do to sign? From that point of view I'm confused on how validationEntityID and registrarID are kept unique unless this is only meant for used in a walled garden. I have not gone and read the background, I could be just very confused on this. It seems like if these were URI that would resolve it. Similarly, is an registry needed around the methodID. The idea of the infinite validity certificate seems sort of scary given LNP. I would prefer to see the expirationDate not be optionally. I think it would be better of the XML for civil address information lined up with the XML for civic location in geopriv. The signature seem to be computed across all the data meaning that the tokendata information can not be removed. I can't decide if this is a bug or a feature. |
2007-07-04
|
04 | Cullen Jennings | [Ballot Position Update] Position for Cullen Jennings has been changed to Discuss from Undefined by Cullen Jennings |
2007-07-04
|
04 | Cullen Jennings | [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the … [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the ENUM group is constructing an XML based certificate. However the chaining here is very unclear to me. If the registrarID in the token is reg-4711, does the certificate used to sing the token have to have reg-4711 somewhere in it or will just any certificate do to sign? From that point of view I'm confused on how validationEntityID and registrarID are kept unique unless this is only meant for used in a walled garden. I have not gone and read the background, I could be just very confused on this. It seems like if these were URI that would resolve it. Similarly, is an registry needed around the methodID. The idea of the infinite validity certificate seems sort of scary given LNP. I would prefer to see the expirationDate not be optionally. I think it would be better of the XML for civil address information lined up with the XML for civic location in geopriv. The signature seem to be computed across all the data meaning that the tokendata information can not be removed. I can't decide if this is a bug or a feature. |
2007-07-04
|
04 | Cullen Jennings | [Ballot Position Update] Position for Cullen Jennings has been changed to Undefined from Discuss by Cullen Jennings |
2007-07-04
|
04 | Cullen Jennings | [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the … [Ballot discuss] These are all discuss discuss comments and I will sort them into delete/discuss/comment after the call. This looks a lot like the the ENUM group is constructing an XML based certificate. However the chaining here is very unclear to me. If the registrarID in the token is reg-4711, does the certificate used to sing the token have to have reg-4711 somewhere in it or will just any certificate do to sign? From that point of view I'm confused on how validationEntityID and registrarID are kept unique unless this is only meant for used in a walled garden. I have not gone and read the background, I could be just very confused on this. It seems like if these were URI that would resolve it. Similarly, is an registry needed around the methodID. The idea of the infinite validity certificate seems sort of scary given LNP. I would prefer to see the expirationDate not be optionally. I think it would be better of the XML for civil address information lined up with the XML for civic location in geopriv. The signature seem to be computed across all the data meaning that the tokendata information can not be removed. I can't decide if this is a bug or a feature. |
2007-07-04
|
04 | Cullen Jennings | [Ballot Position Update] New position, Discuss, has been recorded by Cullen Jennings |
2007-07-04
|
04 | Cullen Jennings | I was having some tool weirdness - all the discusses below are the same - I just entered them multiple times. |
2007-07-03
|
04 | Tim Polk | [Ballot discuss] This specification is silent with respect to RSA key sizes. To promote interoperability and ensure a migration path, all implementations need to support … [Ballot discuss] This specification is silent with respect to RSA key sizes. To promote interoperability and ensure a migration path, all implementations need to support 1024 and 2048 bit RSA at a minumum! This should apply to both VEs and the Registry. I would prefer to see text addressing key sizes in Section 3, but the security considerations section is another possibility. The specification is also unclear with respect to conformance requirements with resoect to digital signature algorithm support. In section 3, the document specifies: Validation Entities MUST be able to sign tokens according to XML- DSIG, MUST support at least SHA-256 as the digest algorithm and MUST be able to embed X.509 [10] certificates. XML-DSIG (RFC 3275) defines RSA-SHA1 and DSA-SHA1. RSA-SHA256 is the only signature algorithm with SHA-256 specified in RFC 4051. (I am assuming the refernce to 4051 based on the previous paragraph...) Does this sentence imply that VEs MUST implement RSA-SHA1, DSA-SHA1, and RSA-SHA256? I would suggest calling out RSA-SHA1 and RSA-SHA256 explicitly as mandatory to implement, and DSA-SHA1 as a SHOULD implement. |
2007-07-03
|
04 | Tim Polk | [Ballot discuss] This specification is silent with respect to RSA key sizes. To promote interoperability and ensure a migration path, all implementations need to support … [Ballot discuss] This specification is silent with respect to RSA key sizes. To promote interoperability and ensure a migration path, all implementations need to support 1024 and 2048 bit RSA at a minumum! This should apply to both VEs and the Registry. I would prefer to see text addressing key sizes in Section 3, but the security considerations section is another possibility. The specification is also unclear with respect to conformance requirements with resoect to digital signature algorithm support. In section 3, the document specifies: Validation Entities MUST be able to sign tokens according to XML- DSIG, MUST support at least SHA-256 as the digest algorithm and MUST be able to embed X.509 [10] certificates. XML-DSIG (RFC 3275) defines RSA-SHA1 and DSA-SHA1. RSA-SHA256 is the only signature algorithm with SHA-256 specified in RFC 4051. (I am assuming the refernce to 4051 based on the previous paragraph...) Does this sentence imply that VEs MUST implement RSA-SHA1, DSA-SHA1, and RSA-SHA256? I would suggest calling out RSA-SHA1 and RSA-SHA256 explicitly as mandatory to implement, and DSA-SHA1 as a SHOULD implement. |
2007-07-03
|
04 | Tim Polk | [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk |
2007-07-03
|
04 | David Ward | [Ballot Position Update] New position, No Objection, has been recorded by David Ward |
2007-07-03
|
04 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2007-07-02
|
04 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2007-07-02
|
04 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2007-07-02
|
04 | Magnus Westerlund | [Ballot comment] Section 3. Validation Entities MUST be able to sign tokens according to XML- DSIG, MUST support at least SHA-256 as the … [Ballot comment] Section 3. Validation Entities MUST be able to sign tokens according to XML- DSIG, MUST support at least SHA-256 as the digest algorithm and MUST be able to embed X.509 [10] certificates. I would propose to remove "at least". If one likes to point out that you may also support other algorithms, then add "and MAY support other algorithms". I also think there should be a referene for "SHA-256". |
2007-07-02
|
04 | Magnus Westerlund | [Ballot Position Update] Position for Magnus Westerlund has been changed to No Objection from Discuss by Magnus Westerlund |
2007-07-02
|
04 | Magnus Westerlund | [Ballot Position Update] New position, Discuss, has been recorded by Magnus Westerlund |
2007-07-02
|
04 | Lars Eggert | [Ballot comment] Section 4., paragraph 0: > 4. Field Descriptions Definitions and descriptions of the elements should use RFC2119 terminology. Section 11.2., paragraph … |
2007-07-02
|
04 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2007-07-02
|
04 | Dan Romascanu | [Ballot comment] From the PROTO write-up: 4. Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational … [Ballot comment] From the PROTO write-up: 4. Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational complexity, someone familiar with AAA, etc.)? *Not really. Maybe some XML experts could have a look on the final version of this draft. It would be useful indeed to confirm that some XML expert review happened and record it in the tracker. |
2007-07-02
|
04 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2007-06-28
|
04 | Jon Peterson | Placed on agenda for telechat - 2007-07-05 by Jon Peterson |
2007-06-28
|
04 | Jon Peterson | [Ballot Position Update] New position, Yes, has been recorded for Jon Peterson |
2007-06-28
|
04 | Jon Peterson | Ballot has been issued by Jon Peterson |
2007-06-28
|
04 | Jon Peterson | Created "Approve" ballot |
2007-06-28
|
04 | Jon Peterson | State Changes to IESG Evaluation from Waiting for Writeup by Jon Peterson |
2007-06-07
|
04 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Juergen Quittek. |
2007-05-31
|
04 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2007-05-28
|
04 | Yoshiko Fong | IANA Last Call Comments: Upon approval of this document, the IANA will take the following Actions: Action 1: Upon approval of this document, the IANA … IANA Last Call Comments: Upon approval of this document, the IANA will take the following Actions: Action 1: Upon approval of this document, the IANA will make the following assignments in the "ns (XML Namespace)" registry located at http://www.iana.org/assignments/xml-registry/ns.html ID URI Registration Template Reference ------------- ------------ -------------- ---------- enum-token-1.0 urn:ietf:params:xml:ns:enum-token-1.0 [ Section 8 ] [RFC-enum-validation-token-03] enum-tokendata-1.0 urn:ietf:params:xml:ns:enum-tokendata-1.0 [ Section 8 ] [RFC-enum-validation-token-03] Action 2: Upon approval of this document, the IANA will make the following assignments in the "schema (XML Schema)" registry located at http://www.iana.org/assignments/xml-registry/schema.html ID URL Filename Reference ------------- ------------ -------- ---------- enum-token-1.0 urn:ietf:params:xml:schema:enum-token-1.0 [ Section 6.1 ] [RFC-enum-validation-token-03] enum-tokendata-1.0 urn:ietf:params:xml:schema:enum-tokendata-1.0 [ Section 6.2 ] [RFC-enum-validation-token-03] We understand the above to be the only IANA Actions for this document. |
2007-05-28
|
04 | Yoshiko Fong | IANA Last Call Comments: Upon approval of this document, the IANA will take the following Actions: Action 1: Upon approval of this document, the IANA … IANA Last Call Comments: Upon approval of this document, the IANA will take the following Actions: Action 1: Upon approval of this document, the IANA will make the following assignments in the "ns (XML Namespace)" registry located at http://www.iana.org/assignments/xml-registry/ns.html ID URI Registration Template Reference ------------- ------------ -------------- ---------- enum-token-1.0 urn:ietf:params:xml:ns:enum-token-1.0 [ Section 8 ] [RFC-enum-validation-token-03] enum-tokendata-1.0 urn:ietf:params:xml:ns:enum-tokendata-1.0 [ Section 8 ] [RFC-enum-validation-token-03] Action 2: Upon approval of this document, the IANA will make the following assignments in the "schema (XML Schema)" registry located at http://www.iana.org/assignments/xml-registry/schema.html ID URL Filename Reference ------------- ------------ -------- ---------- enum-token-1.0 urn:ietf:params:xml:schema:enum-token-1.0 [ Section 6.1 ] [RFC-enum-validation-token-03] enum-tokendata-1.0 urn:ietf:params:xml:schema:enum-tokendata-1.0 [ Section 6.2 ] [RFC-enum-validation-token-03] We understand the above to be the only IANA Actions for this document. |
2007-05-17
|
04 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Juergen Quittek |
2007-05-17
|
04 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Juergen Quittek |
2007-05-17
|
04 | Amy Vezza | Last call sent |
2007-05-17
|
04 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2007-05-16
|
04 | Jon Peterson | State Changes to Last Call Requested from AD Evaluation::AD Followup by Jon Peterson |
2007-05-16
|
04 | Jon Peterson | Last Call was requested by Jon Peterson |
2007-05-16
|
04 | (System) | Ballot writeup text was added |
2007-05-16
|
04 | (System) | Last call text was added |
2007-05-16
|
04 | (System) | Ballot approval text was added |
2007-05-08
|
04 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2007-05-08
|
03 | (System) | New version available: draft-ietf-enum-validation-token-03.txt |
2007-04-24
|
04 | Jon Peterson | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Jon Peterson |
2006-11-05
|
04 | Jon Peterson | State Changes to AD Evaluation from Publication Requested by Jon Peterson |
2006-08-10
|
04 | Dinara Suleymanova | PROTO Write-up 1. Have the chairs personally reviewed this version of the Internet Draft (ID), and in particular, do they believe this ID is ready … PROTO Write-up 1. Have the chairs personally reviewed this version of the Internet Draft (ID), and in particular, do they believe this ID is ready to forward to the IESG for publication? *Yes the document has been reviewed by the WG chairs. 2. Has the document had adequate review from both key WG members and key non-WG members? *Yes, the document was reviewed by WG members as well as other persons. The concepts represented in this document have influence on other documents in the ENUM scene. In addition, a presentation on a recent IETF meeting about the document was given. This document is part of a series on ENUM validation. 3. Do you have any concerns about the depth or breadth of the reviews that have been performed? *There are no concerns about depth or breadth of the reviews. 4. Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational complexity, someone familiar with AAA, etc.)? *Not really. Maybe some XML experts could have a look on the final version of this draft. 5. Do you have any specific concerns/issues with this document that you believe the ADs and/or IESG should be aware of? For example, perhaps you are uncomfortable with certain parts of the document, or have concerns whether there really is a need for it. In any event, if your issues have been discussed in the WG and the WG has indicated it that it still wishes to advance the document, detail those concerns in the write-up. *No concerns. 6. How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? *The majority of the working group members have expressed their appreciation of the document. Suggestions from members have been incorporated into the document. 7. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email to the Responsible Area Director. *No, there are no known threats to appeal. 8. Have the chairs verified that the document adheres to all of the ID Checklist items ? *Yes. 9. Is the document split into normative and informative references? Are there normative references to IDs, where the IDs are not also ready for advancement or are otherwise in an unclear state? (note here that the RFC editor will not publish an RFC with normative references to IDs, it will delay publication until all such IDs are also ready for publication as RFCs.) **References are properly split, there are no normative references to IDs. However, there are two non-normative references to IDs: * draft-ietf-enum-validation-arch (Publication Requested) * draft-ietf-enum-validation-epp (I-D Exists), 10. What is the intended status of the document? (e.g., Proposed Standard, Informational?) *The intended status is Proposed Standard. 11. For Standards Track and BCP documents, the IESG approval announcement includes a write-up section with the following sections: o Technical Summary o Working Group Summary o Protocol Quality Technical Summary (Same as Abstract): An ENUM domain name is tightly coupled with the underlying E.164 number. The process of verifying whether the Registrant of an ENUM domain name is identical to the Assignee of the corresponding E.164 number is commonly called "validation". This document describes a signed XML data format -- the Validation Token -- with which Validation Entities can convey successful completion of a validation procedure in a secure fashion. Working Group Summary: No controversial issues with this document. Protocol Quality: * Are there existing implementations of the protocol? * enum.at implemented a Perl module to handle the Validation Token generation and checking. This is in use in the production ENUM registry for +43, as well as on the side of the registrar sil.at. * IPcom implemented a Java version of the Token generation for the my-enum.at portal. * Internic.at interfaces with the ENUM registry using their own implementation. * Is this protocol used in practice? The Austrian ENUM registry for +43 is using an earlier version of the protocol. The changes to the current draft were made to support number blocks (as used in closed numbering plans), to make the address format less specific to Austrian needs, and to harmonize the XML tag names as used in other drafts. * Have a significant number of vendors indicated they plan to implement the specification? Registrars for 3.4.e164.arpa need to implement this (unless they use the toolkit enum.at is providing). * Are there any reviewers that merit special mention as having done a thorough review (i.e., that resulted in important changes or a conclusion that the document had no substantive issues)? Alexander Mayrhofer had a thorough review and provided substantial feedback, which has been incorporated into the document. No substantive issues. |
2006-08-10
|
04 | Dinara Suleymanova | Draft Added by Dinara Suleymanova in state Publication Requested |
2006-02-27
|
02 | (System) | New version available: draft-ietf-enum-validation-token-02.txt |
2006-02-13
|
01 | (System) | New version available: draft-ietf-enum-validation-token-01.txt |
2005-10-10
|
00 | (System) | New version available: draft-ietf-enum-validation-token-00.txt |