Internet X.509 Public Key Infrastructure: Certification Path Building
draft-ietf-pkix-certpathbuild-05
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
| 2015-10-14 | 05 | (System) | Notify list changed from kent@bbn.com, wpolk@nist.gov to wpolk@nist.gov |
| 2012-08-22 | 05 | (System) | post-migration administrative database adjustment to the Yes position for Russ Housley |
| 2005-09-27 | 05 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
| 2005-09-27 | 05 | Amy Vezza | [Note]: 'RFC 4158' added by Amy Vezza |
| 2005-09-26 | 05 | (System) | RFC published |
| 2005-01-11 | 05 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
| 2005-01-10 | 05 | Amy Vezza | IESG state changed to Approved-announcement sent |
| 2005-01-10 | 05 | Amy Vezza | IESG has approved the document |
| 2005-01-10 | 05 | Amy Vezza | Closed "Approve" ballot |
| 2005-01-08 | 05 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley |
| 2005-01-08 | 05 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to Yes from Discuss by Russ Housley |
| 2005-01-07 | 05 | (System) | New version available: draft-ietf-pkix-certpathbuild-05.txt |
| 2004-11-19 | 05 | (System) | Removed from agenda for telechat - 2004-11-18 |
| 2004-11-18 | 05 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
| 2004-11-18 | 05 | Allison Mankin | [Ballot comment] The main text sentence describing applicability is a bit understated, though the Abstract is clear enough. I think too, that some apps developers will not find an exact enough match, though finding useful information. Overall I think the level set is quite good, and well caveated. |
| 2004-11-18 | 05 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
| 2004-11-18 | 05 | Bert Wijnen | [Ballot Position Update] Position for Bert Wijnen has been changed to No Objection from Undefined by Bert Wijnen |
| 2004-11-18 | 05 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
| 2004-11-17 | 05 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
| 2004-11-17 | 05 | Harald Alvestrand | [Ballot comment] Reviewed by Brian Carpenter, Gen-ART. His review: Probably no-objection, but I have a couple of queries and nits. Disclaimer: 74 page draft on a topic where I am an anti-expert. YMMV. > This document was written to provide guidance and recommendations to > developers building X.509 public-key certification paths within their > applications. Q1: Was there a positive choice *not* to make this a BCP, and does that choice imply any doubt about the recommendations? Q2: I found no mention of the proxy certificate mechanism, already implemented in grids, RFC 3820. Doesn't this affect the way certification paths are built? Nit 1: no IANA Considerations section. Nit 2: There's a reference to [RFC 2396], which is being updated. But in any case, this reference is not cited in the text, so what is it for? Same for [RFC 1738] - maybe all the informative references should be checked. |
| 2004-11-17 | 05 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
| 2004-11-17 | 05 | Bert Wijnen | [Ballot comment] RFC-Editor gave me a tool with which they check references. It found: !! Missing Reference for citation: [PCA] P012 L028: with one CA (known as a "principal" CA [PCA]) in each participating !! Missing citation for Informative reference: P073 L007: [MINHPKIS] Hesse, P., Lemire, D., "Managing Interoperability !! Missing citation for Informative reference: P073 L052: [PKIXALGS] Bassham, L., Polk, W. and R. Housley, "Algorithms and !! Missing citation for Informative reference: P073 L044: [X.501] ITU-T Recommendation X.501: Information Technology - |
| 2004-11-17 | 05 | Bert Wijnen | [Ballot Position Update] New position, Undefined, has been recorded for Bert Wijnen by Bert Wijnen |
| 2004-11-16 | 05 | Ted Hardie | [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie by Ted Hardie |
| 2004-11-16 | 05 | Sam Hartman | [Ballot Position Update] New position, No Objection, has been recorded for Sam Hartman by Sam Hartman |
| 2004-11-10 | 05 | Russ Housley | Placed on agenda for telechat - 2004-11-18 by Russ Housley |
| 2004-10-28 | 05 | Michelle Cotton | IANA Comments: We understand this document to have NO IANA Actions. |
| 2004-10-25 | 05 | Scott Hollenbeck | [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
| 2004-10-20 | 05 | Russ Housley | [Ballot discuss] The Security Considerations fail to discuss an important DOS attack, and with some simple guidance, it is easily avoided. In an early SSL implementation, the signature was checked before the cert path was checked. There is no point checking the cert path if the signature is not valid, right? Well, the attacker sent a completely bogus certificate that contained a 16K-bit public key. The server had to be rebooted to stop the signature checking. If the path was checked first, the bogus certificate would have been detected, and the signature checking operation would never have started. We have the same situation here. Signature checking needs to follow cert path construction. Then, it needs to proceed from the trust anchor to the target cert. This will prevent this same attack via a bogus intermediate cert. |
| 2004-10-20 | 05 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to Discuss from Yes by Russ Housley |
| 2004-10-20 | 05 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
| 2004-10-20 | 05 | Russ Housley | Ballot has been issued by Russ Housley |
| 2004-10-20 | 05 | Russ Housley | Created "Approve" ballot |
| 2004-10-20 | 05 | (System) | Ballot writeup text was added |
| 2004-10-20 | 05 | (System) | Last call text was added |
| 2004-10-20 | 05 | (System) | Ballot approval text was added |
| 2004-10-20 | 05 | Russ Housley | State Changes to IESG Evaluation from AD Evaluation by Russ Housley |
| 2004-07-27 | 05 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
| 2004-07-18 | 05 | Russ Housley | Draft Added by Russ Housley in state Publication Requested |
| 2004-06-29 | 04 | (System) | New version available: draft-ietf-pkix-certpathbuild-04.txt |
| 2004-01-09 | 03 | (System) | New version available: draft-ietf-pkix-certpathbuild-03.txt |
| 2003-12-02 | 02 | (System) | New version available: draft-ietf-pkix-certpathbuild-02.txt |
| 2003-10-02 | 01 | (System) | New version available: draft-ietf-pkix-certpathbuild-01.txt |
| 2003-07-03 | 00 | (System) | New version available: draft-ietf-pkix-certpathbuild-00.txt |