Internet X.509 Public Key Infrastructure Repository Locator Service
draft-ietf-pkix-pkixrep-04

Document history

Date Rev. By Action
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Allison Mankin
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Ted Hardie
2005-11-29
04 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2005-11-22
04 Amy Vezza IESG state changed to Approved-announcement sent
2005-11-22
04 Amy Vezza IESG has approved the document
2005-11-22
04 Amy Vezza Closed "Approve" ballot
2005-11-22
04 Russ Housley State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley
2005-09-12
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2005-09-12
04 (System) New version available: draft-ietf-pkix-pkixrep-04.txt
2005-05-01
04 Brian Carpenter
[Ballot comment]
I'm clearing Harald's DISCUSS due to my incompetence on DNS issues, and a desire not to 2nd guess the WG, but the Internet ADs need to look.

There are some editorial issues:

OCSP is mentioned but isn't a very well known acronym. It would be
appropriate to give an informative reference for it (and for LDAP and
HTTP for consistency).

The references aren't separated between Normative and Informative, and
aren't cited with [...].

The boilerplate is out of date (and the new boilerplate will be
enforced as of May 6th).
2005-05-01
04 Brian Carpenter [Ballot Position Update] New position, No Objection, has been recorded for Brian Carpenter by Brian Carpenter
2005-03-29
04 Russ Housley State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Russ Housley
2005-02-11
04 Harald Alvestrand [Ballot comment]
Reviewed by Michael Patton for GEN-ART. Review at:
2005-02-11
04 Harald Alvestrand
[Ballot discuss]
Note: This document asked for experimental publication. It should not be that hard to get an experiment off the ground. But it doesn't say anything about what its success criteria are.

I've dropped the comment about the _LDAP and so on labels; it turns out that we are continuing down a road beaten by IMPP. But still:

If choosing among protocols is by sequentially probing all combinations, that should be stated. The example only shows a single protocol.
2005-02-10
04 Ted Hardie [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie
2005-02-10
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2005-02-10
03 (System) New version available: draft-ietf-pkix-pkixrep-03.txt
2004-04-14
04 Russ Housley State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Russ Housley
2004-03-19
04 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation - Defer by Amy Vezza
2004-03-18
04 Harald Alvestrand
[Ballot discuss]
Note: This document asked for experimental publication. It should not be that hard to get an experiment off the ground. But it doesn't say anything about what its success criteria are.

I think this doc needs to justify the choice of inserting _HTTP, _OCSP and _LDAP into the namespace that the original SRV RFC had _TCP and _UDP in.
It would also be interesting to hear the arguments for not using DDDS and NAPTR.

If choosing among protocols is by sequentially probing all combinations, that should be stated. The example only shows a single protocol.

Reviewed by Michael Patton for GEN-ART. Review at:
2004-03-18
04 Allison Mankin
[Ballot comment]
SMB pointed out that certificates are verifiable, and therefore DNSSEC is
not needed, by contrast with our usual SRV-located resources.  Therefore I've
cleared my Discuss.
2004-03-18
04 Allison Mankin [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Discuss by Allison Mankin
2004-03-18
04 Harald Alvestrand [Ballot discuss]
Got a very critical review from Michael Patton just at telechat time.
Will enter a more complete DISCUSS based on it later.
2004-03-18
04 Harald Alvestrand [Ballot Position Update] New position, Discuss, has been recorded for Harald Alvestrand by Harald Alvestrand
2004-03-18
04 Allison Mankin
[Ballot discuss]
Ted caught the big problem. 
But another one:
There should be a discussion of the risk of attack because
the records can be spoofed, and of the use of DNSSEC to address this risk.
A good way to do this in an advisory manner, since DNSSEC is still
working its way through the IETF, can be found in draft-ietf-enum-sip-01.txt.
2004-03-18
04 Allison Mankin [Ballot Position Update] Position for Allison Mankin has been changed to Discuss from Undefined by Allison Mankin
2004-03-18
04 Allison Mankin [Ballot Position Update] New position, Undefined, has been recorded for Allison Mankin by Allison Mankin
2004-03-18
04 Bert Wijnen [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen
2004-03-18
04 Alex Zinin [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin
2004-03-18
04 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson
2004-03-17
04 Scott Hollenbeck [Ballot Position Update] Position for Scott Hollenbeck has been changed to No Objection from Undefined by Scott Hollenbeck
2004-03-17
04 Scott Hollenbeck
[Ballot comment]
The references should be formatted as described in the ID nits document, and cited appropriately within the document.

Section 2: character values are sometimes hard to determine depending on the application used to view the text.  Suggest replacing '"_" character' with '"_" character (value 0x005F)' to be clear about the prepend character used in the RR.
2004-03-17
04 Scott Hollenbeck [Ballot Position Update] New position, Undefined, has been recorded for Scott Hollenbeck by Scott Hollenbeck
2004-02-20
04 (System) Removed from agenda for telechat - 2004-02-19
2004-02-19
04 Thomas Narten State Changes to IESG Evaluation - Defer from IESG Evaluation by Thomas Narten
2004-02-19
04 Ned Freed [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed by Ned Freed
2004-02-18
04 Ted Hardie
[Ballot discuss]
For draft-ietf-impp-srv-04, we required an IANA maintained registry
that allowed someone to map _im._bip to a specification of how
_bip used SRV records.  Seems very similar, in that PKIXREP will
actually map to different using protocols like OCSP, LDAP, or
HTTP; these aren't just transports, like tcp or udp, they have
different syntax (and frankly the use of HTTP for this means a convention
at a level even SRV can't handle).

If these folks don't want to go the DDDS road, would requiring a similar
registry make sense here?
2004-02-18
04 Ted Hardie [Ballot Position Update] Position for Ted Hardie has been changed to Discuss from Undefined by Ted Hardie
2004-02-18
04 Ted Hardie [Ballot comment]
Nit:

"the knowledge information necessary to identify" should probably either
be "the knowledge" or "the information".
2004-02-18
04 David Kessens [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens
2004-02-18
04 Ted Hardie [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie
2004-02-18
04 Steven Bellovin [Ballot comment]
Nit:  the document uses example.test.  It should be example.com or test.example or some such, per RFC 2606.
2004-02-18
04 Steven Bellovin [Ballot Position Update] New position, No Objection, has been recorded for Steve Bellovin by Steve Bellovin
2004-02-04
04 Russ Housley State Changes to IESG Evaluation from Waiting for Writeup by Russ Housley
2004-02-04
04 Russ Housley [Ballot Position Update] New position, Yes, has been recorded for Russ Housley
2004-02-04
04 Russ Housley Ballot has been issued by Russ Housley
2004-02-04
04 Russ Housley Created "Approve" ballot
2004-02-04
04 (System) Ballot writeup text was added
2004-02-04
04 (System) Last call text was added
2004-02-04
04 (System) Ballot approval text was added
2004-02-04
04 Russ Housley Status date has been changed to 2004-02-04 from 2003-07-25
2004-02-04
04 Russ Housley Placed on agenda for telechat - 2004-02-19 by Russ Housley
2004-01-30
04 Harald Alvestrand State Changes to Waiting for Writeup from In Last Call by Harald Alvestrand
2004-01-30
04 Harald Alvestrand This one seems to have gotten stuck in Last Call state. Last Call was to have ended on 2003-09-30.
2003-10-08
04 Russ Housley State Changes to In Last Call from Last Call Requested by Russ Housley
2003-09-16
04 Russ Housley State Changes to Last Call Requested from AD Evaluation by Russ Housley
2003-09-16
04 Russ Housley State Changes to AD Evaluation from AD Evaluation::Revised ID Needed by Russ Housley
2003-09-16
02 (System) New version available: draft-ietf-pkix-pkixrep-02.txt
2003-07-25
04 Russ Housley Needs to be updated to meet ID Nits.
2003-07-25
04 Russ Housley State Changes to AD Evaluation  :: Revised ID Needed from Publication Requested by Housley, Russ
2003-07-25
04 Russ Housley Draft Added by Housley, Russ
2002-11-22
01 (System) New version available: draft-ietf-pkix-pkixrep-01.txt
2000-07-21
00 (System) New version available: draft-ietf-pkix-pkixrep-00.txt