Clearance Attribute and Authority Clearance Constraints Certificate Extension
draft-ietf-pkix-authorityclearanceconstraints-03
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22 | 03 | (System) | post-migration administrative database adjustment to the No Objection position for Dan Romascanu |
2012-08-22 | 03 | (System) | post-migration administrative database adjustment to the No Objection position for Adrian Farrel |
2010-04-01 | 03 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2010-03-23 | 03 | (System) | IANA Action state changed to No IC from In Progress |
2010-03-23 | 03 | (System) | IANA Action state changed to In Progress from No IC |
2010-03-23 | 03 | Amy Vezza | IESG state changed to Approved-announcement sent |
2010-03-23 | 03 | Amy Vezza | IESG has approved the document |
2010-03-20 | 03 | Cindy Morgan | State Changes to Approved-announcement to be sent from Waiting for AD Go-Ahead by Cindy Morgan |
2010-03-17 | 03 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-03-03 | 03 | Cindy Morgan | Last call sent |
2010-03-03 | 03 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2010-03-03 | 03 | Tim Polk | State Changes to Last Call Requested from IESG Evaluation::AD Followup by Tim Polk |
2010-03-03 | 03 | Tim Polk | Last Call was requested by Tim Polk |
2010-03-03 | 03 | Cindy Morgan | State Changes to IESG Evaluation::AD Followup from RFC Ed Queue by Cindy Morgan |
2010-02-19 | 03 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2010-02-19 | 03 | (System) | IANA Action state changed to No IC from In Progress |
2010-02-19 | 03 | (System) | IANA Action state changed to In Progress |
2010-02-19 | 03 | Amy Vezza | IESG state changed to Approved-announcement sent |
2010-02-19 | 03 | Amy Vezza | IESG has approved the document |
2010-02-19 | 03 | Amy Vezza | Closed "Approve" ballot |
2010-02-19 | 03 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2010-02-18 | 03 | Dan Romascanu | [Ballot Position Update] Position for Dan Romascanu has been changed to No Objection from Discuss by Dan Romascanu |
2009-11-27 | 03 | Adrian Farrel | [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss by Adrian Farrel |
2009-11-20 | 03 | (System) | Removed from agenda for telechat - 2009-11-19 |
2009-11-19 | 03 | Cindy Morgan | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Cindy Morgan |
2009-11-19 | 03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2009-11-18 | 03 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2009-11-18 | 03 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2009-11-18 | 03 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2009-11-18 | 03 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2009-11-18 | 03 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2009-11-18 | 03 | Tim Polk | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Tim Polk |
2009-11-17 | 03 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2009-11-17 | 03 | Dan Romascanu | [Ballot discuss] The 2002 edition of the X.680 ITU-T recommendation defining ASN.1 basic notation was superseded by the 2008 edition. Is there any reason not to include the newer version as Normative Reference? |
2009-11-17 | 03 | Dan Romascanu | [Ballot Position Update] New position, Discuss, has been recorded by Dan Romascanu |
2009-11-17 | 03 | Adrian Farrel | [Ballot comment] Section 7 says: The algorithm described in here has the idempotency, associative, and commutative properties, like the rest of the processing rules in this document. I am not sure that all of the processing rules in the document are idempotent, associative, and commutative. Maybe best to drop the final clause? --- Appendix I don't object, but... This appendix provides the normative ASN.1 definitions for the structures described in this specification using ASN.1 as defined in X.680. If the material is normative, perhaps it should be moved into the main body of the document. --- Appendix -- The following is a '02 version for clearance. Do we really need this in the RFC? I assume this is from the -02 revision of the I-D. --- Nit Section 1 Since [RFC3281bis] does not permit chain of ACs, s/chain/ chain/ |
2009-11-17 | 03 | Adrian Farrel | [Ballot discuss] Section 2 The ASN.1 syntax for the Clearance attribute is as follows [PKI-ASN]: I don't think it is a good idea to repeat this definition here. It appears to create two normative definitions of the same thing, and could cause an issue if some difference creeps in. |
2009-11-17 | 03 | Adrian Farrel | [Ballot Position Update] New position, Discuss, has been recorded by Adrian Farrel |
2009-11-17 | 03 | Pasi Eronen | [Ballot comment] Section 5.1: there are potentially two certification paths of interest when using ACs (one for the AA, another for the end-entity); it would be helpful if the text said "certification path for the AA" whenever it talks about paths here. Section 9: "If there is no Clearance associated with a TA, it means that the TA has not been assigned any clearance." Should this be "..., it means the TA is not constrained"? |
2009-11-17 | 03 | Pasi Eronen | [Ballot Position Update] New position, No Objection, has been recorded by Pasi Eronen |
2009-11-16 | 03 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2009-11-15 | 03 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov |
2009-11-03 | 03 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2009-10-28 | 03 | Tim Polk | [Ballot Position Update] New position, Yes, has been recorded for Tim Polk |
2009-10-28 | 03 | Tim Polk | Ballot has been issued by Tim Polk |
2009-10-28 | 03 | Tim Polk | Created "Approve" ballot |
2009-10-28 | 03 | Tim Polk | Placed on agenda for telechat - 2009-11-19 by Tim Polk |
2009-10-20 | 03 | (System) | New version available: draft-ietf-pkix-authorityclearanceconstraints-03.txt |
2009-08-18 | 03 | Sam Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Derek Atkins. |
2009-08-14 | 03 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2009-08-11 | 03 | Amanda Baber | IANA comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
2009-08-03 | 03 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Derek Atkins |
2009-08-03 | 03 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Derek Atkins |
2009-07-31 | 03 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2009-07-31 | 03 | Tim Polk | State Changes to Last Call Requested from AD Evaluation by Tim Polk |
2009-07-31 | 03 | Tim Polk | Last Call was requested by Tim Polk |
2009-07-31 | 03 | (System) | Ballot writeup text was added |
2009-07-31 | 03 | (System) | Last call text was added |
2009-07-31 | 03 | (System) | Ballot approval text was added |
2009-07-27 | 03 | Tim Polk | State Changes to AD Evaluation from Publication Requested by Tim Polk |
2009-05-26 | 03 | Cindy Morgan | Responses to questions 1.a-1.h in RFC 4858: 1.a - Steve Kent is the Shepherd. I have personally reviewed the document and assert that it is ready for IESG publication. 1.b - The document has been reviewed by key WG members. There are no concerns about depth or breadth of the reviews. 1.c - I see no need for wider review. 1.d - My co-chair, Stefan Santesson, has not been enthusiastic about this work. He initially expressed the concern that the extension is not widely applicable, e.g., that it was focused only on the U.S. DoD application context. This was not true, e.g., the format is already adopted in ISO standards and, presumably, used by other entities that employ document sensitivity markings. After extensive discussion, Stefan now seems (more) comfortable with the document's content. There are no substantive criticisms from other WG members. There are no other concerns of which the AD and/or IESG should be aware. 1.e - The WG consensus is solid (but see comments on 1.d above). 1.f - There has been no threat of an appeal by any WG members. 1.g - I have personally verified that the document satisfies all ID nits. (the document refers to old versions of two I-Ds, but includes text directing the RFC Editor to update these references as needed.) 1.h - The document splits its references into normative and informative as required. 1.i - The document has an IANA consideration and it is consistent with the main body (there are no IANA considerations). 1.j - Sean Turner assures me that the ASN.1 has been verified. 1.k - Write-up is as follows: Technical Summary This document defines the syntax and semantics for the Clearance attribute and the Authority Clearance Constraints extension in X.509 certificates. The Clearance attribute is used to indicate the clearance held by the subject. The Clearance attribute may appear in the subject directory attributes extension of a public key certificate or in the attributes field of an attribute certificate. The Authority Clearance Constraints certificate extension values in a Trust Anchor (TA), CA public key certificates, and an Attribute Authority (AA) public key certificate in a public key certification path constrain the effective Clearance of the subject. Working Group Summary This ID was discussed on the mailing list and at multiple meetings. There was initially some controversy about whether or not these extensions were reasonable. Eventually, the working group agreed that they were applicable and important to a set of internet users. All PKIX WG Last Call issues have been resolved. Discussion during PKIX WG Last Call demonstrated working group consensus. This document has strong PKIX WG support. Document Quality Russ Housley also reviewed this document. There are no known implementations, but some WG members have expressed interest in implementing this ID. Personnel Steve Kent is the document Shepherd. Tim Polk is the responsible Security Area AD. |
2009-05-26 | 03 | Cindy Morgan | Draft Added by Cindy Morgan in state Publication Requested |
2009-03-26 | 02 | (System) | New version available: draft-ietf-pkix-authorityclearanceconstraints-02.txt |
2009-03-05 | 01 | (System) | New version available: draft-ietf-pkix-authorityclearanceconstraints-01.txt |
2008-11-07 | 00 | (System) | New version available: draft-ietf-pkix-authorityclearanceconstraints-00.txt |