Host Identity Protocol Certificates
draft-ietf-hip-rfc6253-bis-09

Document history

Date Rev. By Action
2016-10-12
09 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2016-09-29
09 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2016-09-21
09 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2016-09-06
09 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2016-09-02
09 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2016-09-02
09 (System) IANA Action state changed to In Progress from Waiting on Authors
2016-09-01
09 (System) IANA Action state changed to Waiting on Authors
2016-08-29
09 (System) RFC Editor state changed to EDIT
2016-08-29
09 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2016-08-29
09 (System) Announcement was received by RFC Editor
2016-08-29
09 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed
2016-08-29
09 Cindy Morgan IESG has approved the document
2016-08-29
09 Cindy Morgan Closed "Approve" ballot
2016-08-29
09 Cindy Morgan Ballot approval text was generated
2016-08-29
09 Cindy Morgan Ballot writeup was changed
2016-07-15
09 Dan Romascanu Request for Telechat review by GENART Completed: Ready. Reviewer: Dan Romascanu.
2016-07-07
09 Cindy Morgan The Secretariat will send a working group submission Protocol Action Announcement once draft-ietf-hip-rfc5203-bis, draft-ietf-hip-rfc5204-bis, and draft-ietf-hip-rfc5205-bis are approved as well.
2016-07-07
09 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2016-07-07
09 Joel Jaeggli [Ballot Position Update] Position for Joel Jaeggli has been changed to No Record from No Objection
2016-07-07
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-07-07
09 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-07-06
09 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-07-06
09 Joel Jaeggli [Ballot comment]
Qin Wu performed the opsdir review
2016-07-06
09 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-07-06
09 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2016-07-06
09 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2016-07-06
09 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-07-06
09 Alexey Melnikov [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss
2016-07-06
09 Benoît Claise
[Ballot comment]
Personal preference: I like it when there is a table of contents, as it allows me to quickly find a section such as "Differences from RFC 6253".
And regarding this specific section, you have a nice disclaimer just to one "simple" change :-) I thought it was a template for a HIP bis document, but actually not (checked 5203, 5204, 5205).
2016-07-06
09 Benoît Claise Ballot comment text updated for Benoit Claise
2016-07-06
09 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-07-06
09 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2016-07-06
09 Samu Varjonen IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-07-06
09 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-09.txt
2016-07-05
08 Ben Campbell
[Ballot comment]
I agree with Alexey's discuss comment that the IANA considerations from the obsoleted RFC need to be pulled forward to this one. In my opinion, if the RFC is obsoleted, one should no longer need to read it.
2016-07-05
08 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2016-07-05
08 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-07-05
08 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2016-07-04
08 Kathleen Moriarty
[Ballot comment]
Why is MAY used in the error handling and not MUST or listing these actions as RECOMMENDED?

Thanks for addressing the SecDir review:
https://www.ietf.org/mail-archive/web/secdir/current/msg06366.html
2016-07-04
08 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2016-07-04
08 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-07-02
08 Alexey Melnikov
[Ballot discuss]
I don't believe IANA Considerations section is correct: it points to a document that gets obsoleted by this one, yet the original document creates new subregistries. This makes the status of earlier established registries unclear.
I think you should copy the original IANA registration section in its entirety and clearly mark new allocations in it.
2016-07-02
08 Alexey Melnikov [Ballot comment]
Subject DN doesn't necessarily identify a single certificate. But I am not sure whether this is a problem for HIP.
2016-07-02
08 Alexey Melnikov [Ballot Position Update] New position, Discuss, has been recorded for Alexey Melnikov
2016-06-30
08 Jean Mahoney Request for Telechat review by GENART is assigned to Dan Romascanu
2016-06-30
08 Tero Kivinen Request for Telechat review by SECDIR Completed: Ready. Reviewer: Sean Turner.
2016-06-23
08 Tero Kivinen Request for Telechat review by SECDIR is assigned to Sean Turner
2016-06-22
08 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-06-20
08 Terry Manderson IESG state changed to IESG Evaluation from Waiting for Writeup
2016-06-20
08 Terry Manderson Ballot has been issued
2016-06-20
08 Terry Manderson [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson
2016-06-20
08 Terry Manderson Created "Approve" ballot
2016-06-20
08 Terry Manderson Ballot writeup was changed
2016-06-20
08 Terry Manderson Placed on agenda for telechat - 2016-07-07
2016-06-20
08 Terry Manderson Changed consensus to Yes from Unknown
2016-04-22
08 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-08.txt
2016-04-11
07 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Qin Wu.
2016-02-26
07 Samu Varjonen IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2016-02-26
07 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-07.txt
2016-01-21
06 Dan Romascanu Request for Last Call review by GENART Completed: On the Right Track. Reviewer: Dan Romascanu.
2016-01-07
06 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Sean Turner.
2016-01-05
06 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Qin Wu
2016-01-05
06 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Withdrawn'
2015-12-28
06 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2015-12-28
06 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-hip-rfc6253-bis-06.txt. If any part of this review is inaccurate, please let us know.

IANA has a question about one of the actions requested in the IANA Considerations section of this document.

IANA understands that, upon approval of this document, there are two actions which IANA must complete.

First, on the IANA Matrix and the HIP Certificate Types subregistry of the Host Identity Protocol (HIP) Parameters registry located at:

https://www.iana.org/assignments/hip-parameters/

all references to [RFC6253] will be changed to [ RFC-to-be ].

Second, the authors state that: "This document changes Certificate type registry in Section 2." The current HIP Certificate Types subregistry of the Host Identity Protocol (HIP) Parameters registry located at:

https://www.iana.org/assignments/hip-parameters/

is as follows:

Type    Cert
Number  Format                          Reference
------  ------------------------------  ---------
0       Reserved                        [RFC6253]
1       X.509 v3                        [RFC6253]
2       SPKI                            [RFC6253]
3       Hash and URL of X.509 v3        [RFC6253]
4       Hash and URL of SPKI            [RFC6253]
5       LDAP URL of X.509 v3            [RFC6253]
6       LDAP URL of SPKI                [RFC6253]
7       Distinguished Name of X.509 v3  [RFC6253]

Section 2 of the current document has a suggestion that certificate types are defined as follows:

+--------------------------------+-------------+
| Cert format | Type number |
+--------------------------------+-------------+
| Reserved | 0 |
| X.509 v3 | 1 |
| Hash and URL of X.509 v3 | 2 |
| LDAP URL of X.509 v3 | 3 |
| Distinguished Name of X.509 v3 | 4 |
+--------------------------------+-------------+

IANA QUESTION --> Is it the authors' intention to replace the existing registry completely? What are the authors' intentions regarding existing values in the registry?

IANA understands that the two actions above are the only ones required to be completed upon approval of this document.

IANA will not be able to complete the registry actions for this document until these issues have been resolved.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. 


Thank you,

Sabrina Tanamal
IANA Specialist
ICANN
2015-12-28
06 (System) IESG state changed to Waiting for Writeup from In Last Call
2015-12-22
06 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Rick Casarez
2015-12-17
06 Tero Kivinen Request for Last Call review by SECDIR is assigned to Sean Turner
2015-12-15
06 Jean Mahoney Request for Last Call review by GENART is assigned to Dan Romascanu
2015-12-14
06 Cindy Morgan IANA Review state changed to IANA - Review Needed
2015-12-14
06 Cindy Morgan
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: hipsec@ietf.org, gonzalo.camarillo@ericsson.com, draft-ietf-hip-rfc6253-bis@ietf.org, "Gonzalo Camarillo" , hip-chairs@ietf.org, terry.manderson@icann.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Host Identity Protocol Certificates) to Proposed Standard


The IESG has received a request from the Host Identity Protocol WG (hip)
to consider the following document:
- 'Host Identity Protocol Certificates'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-12-28. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Certificate (CERT) parameter is a container for digital
  certificates.  It is used for carrying these certificates in Host
  Identity Protocol (HIP) control packets.  This document specifies the
  certificate parameter and the error signaling in case of a failed
  verification.  Additionally, this document specifies the
  representations of Host Identity Tags in X.509 version 3 (v3).

  The concrete use cases of certificates, including how certificates
  are obtained, requested, and which actions are taken upon successful
  or failed verification, are specific to the scenario in which the
  certificates are used.  Hence, the definition of these scenario-
  specific aspects is left to the documents that use the CERT
  parameter.

  This document updates RFC7401 and obsoletes RFC6253.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc6253-bis/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-hip-rfc6253-bis/ballot/


No IPR declarations have been submitted directly on this I-D.


2015-12-14
06 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2015-12-14
06 Terry Manderson Last call was requested
2015-12-14
06 Terry Manderson Ballot approval text was generated
2015-12-14
06 Terry Manderson Ballot writeup was generated
2015-12-14
06 Terry Manderson IESG state changed to Last Call Requested from AD Evaluation
2015-12-14
06 Terry Manderson Last call announcement was generated
2015-12-09
06 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-06.txt
2015-11-25
05 Bernie Volz Request for Early review by INTDIR Completed: Ready. Reviewer: Pascal Thubert.
2015-11-24
05 Bernie Volz Request for Early review by INTDIR Completed: Ready. Reviewer: Jouni Korhonen.
2015-11-20
05 Bernie Volz Request for Early review by INTDIR is assigned to Pascal Thubert
2015-11-20
05 Bernie Volz Requested Early review by INTDIR
2015-11-17
05 Terry Manderson IESG state changed to AD Evaluation from Publication Requested
2015-11-08
05 Gonzalo Camarillo
Document Writeup for draft-ietf-hip-rfc6253-bis-05

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)? Why is
this the proper type of RFC? Is this type of RFC indicated in the
title page header?

  Proposed Standard. This document is intended to obsolete RFC 6253,
  which was an Experimental RFC.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary:

  The Certificate (CERT) parameter is a container for digital
  certificates.  It is used for carrying these certificates in Host
  Identity Protocol (HIP) control packets.  This document specifies
  the certificate parameter and the error signaling in case of a
  failed verification.  Additionally, this document specifies the
  representations of Host Identity Tags in X.509 version 3 (v3) and
  Simple Public Key Infrastructure (SPKI) certificates.

  The concrete use cases of certificates, including how certificates
  are obtained, requested, and which actions are taken upon successful
  or failed verification, are specific to the scenario in which the
  certificates are used.  Hence, the definition of these scenario-
  specific aspects is left to the documents that use the CERT
  parameter.

  This document extends RFC7401 and obsoletes RFC6253.

Working Group Summary:


  There was WG consensus behind this document.

Document Quality:

  As discussed in RFC 6538, there are several implementations of the
  Experimental HIP specs. At least HIP for Linux (HIPL) and OpenHIP
  will be updated to comply with the standards-track specs. The
  example in the RFC was tested with the HIPL implementation, which
  uses the openssl library.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

  Gonzalo Camarillo is the document shepherd. Terry Manderson is the
  responsible area director.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd. If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The document shepherd reviewed revision 04 of this document, which
  was ready for publication.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No.

(6) Describe any specific concerns or issues that the Document
Shepherd has with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he or she is
uncomfortable with certain parts of the document, or has concerns
whether there really is a need for it. In any event, if the WG has
discussed those issues and has indicated that it still wishes to
advance the document, detail those concerns here.

  No concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why?

  Yes.

(8) Has an IPR disclosure been filed that references this document? If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?
 
  The whole WG understands the document and agrees with it. Note that
  this is the revision of an existing RFC (i.e., a bis document).

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the
Internet-Drafts Checklist). Boilerplate checks are not enough; this
check needs to be thorough.

  The document contains no nits.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No formal reviews are needed.

(13) Have all references within this document been identified as
either normative or informative?

  Yes.

(14) Are there normative references to documents that are not ready
for advancement or are otherwise in an unclear state? If such
normative references exist, what is the plan for their completion?

  No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the
Last Call procedure.

  The document contains no downward normative references.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are
not listed in the Abstract and Introduction, explain why, and point to
the part of the document where the relationship of this document to
the other RFCs is discussed. If this information is not in the
document, explain why the WG considers it unnecessary.

  This document will obsolete RFC 6253 and update RFC 7401. This is
  reflected on the title page header and the abstract.

(17) Describe the Document Shepherd's review of the IANA
considerations section, especially with regard to its consistency with
the body of the document. Confirm that all protocol extensions that
the document makes are associated with the appropriate reservations in
IANA registries. Confirm that any referenced IANA registries have been
clearly identified. Confirm that newly created IANA registries include
a detailed specification of the initial contents for the registry,
that allocations procedures for future registrations are defined, and
a reasonable name for the new registry has been suggested (see RFC 5226).

  The IANA Considerations Section is complete and consistent.

(18) List any new IANA registries that require Expert Review for
future allocations. Provide any public guidance that the IESG would
find useful in selecting the IANA Experts for these new registries.

  This document does not modify the allocation policy of any IANA
  registry.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.
 
  No such checks were needed.
2015-11-08
05 Gonzalo Camarillo Responsible AD changed to Terry Manderson
2015-11-08
05 Gonzalo Camarillo IETF WG state changed to Submitted to IESG for Publication from WG Document
2015-11-08
05 Gonzalo Camarillo IESG state changed to Publication Requested
2015-11-08
05 Gonzalo Camarillo IESG process started in state Publication Requested
2015-11-08
05 Gonzalo Camarillo Changed document writeup
2015-11-08
05 Gonzalo Camarillo Notification list changed to "Gonzalo Camarillo" <gonzalo.camarillo@ericsson.com>
2015-11-08
05 Gonzalo Camarillo Document shepherd changed to Gonzalo Camarillo
2015-11-08
05 Gonzalo Camarillo Intended Status changed to Proposed Standard from None
2015-11-03
05 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-05.txt
2015-09-22
04 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-04.txt
2015-07-27
03 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-03.txt
2015-06-29
02 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-02.txt
2013-10-04
01 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-01.txt
2013-04-01
00 Samu Varjonen New version available: draft-ietf-hip-rfc6253-bis-00.txt