Technical Summary
This document describes how to use Transport Layer Security (TLS)
to secure Common Open Policy Service (COPS) connections over the
Internet.
This document also updates RFC 2748 by modifying the contents of
the Client-Accept message.
Working Group Summary
There is WG consensus to publish this document on the standards
track. However, the RAP WG has not been very active lately, so the
current consensus is closer to "nobody objects": only a small set of
people worked on this document.
Protocol Quality
Bert Wijnen has reviewed this document for the IESG.
Further review has been done by Eric Rescorla and Uri Blumenthal.
RFC-Editor notes:
Page 9, Section 7.1 (second paragraph)
OLD TEXT:
---------
All PEP implementations MUST be able to securely acquire the trust
anchor for each authorized Certification Authority (CA) that issues
PDP certificates. Also, the PEPs MUST support a mechanism to
securely acquire an access control list or filter identifying the
set of authorized PDPs associated with each CA.
NEW TEXT:
---------
All PEP implementations MUST be able to securely acquire the trust
anchor for each authorized Certification Authority (CA) that issues PDP
certificates. Also, the PEPs MUST support a mechanism to securely
acquire an access control list (ACL) or filter identifying the set of
authorized PDPs associated with each CA. Deployments must take care to
avoid circular dependencies in accessing trust anchors and ACLs. At a
minimum, trust anchors and ACLs may be installed manually.
=================
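The new Section 7.1 text places two distinct requirements on the PEP: it must chain the PDP's certificate to a trust anchor it acquired securely, and it must separately check that the PDP is on the ACL associated with that CA, since a valid chain from an authorized CA does not by itself make a given PDP authorized. The following Go program is an added illustration of that check and is not code from the RFC or from any COPS implementation. The type and function names (PDPAuthorizer, AuthorizePDP, NewTestCA, IssuePDPCert), the host names, and the choice to identify PDPs by the DNS name in the certificate's subjectAltName are assumptions for the example; the CA and PDP certificates are constructed in-process, and the anchors and ACL are installed statically, which is the manual-installation floor the text allows and avoids the circular dependency it warns about.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PDPAuthorizer holds what Section 7.1 requires a PEP to acquire securely: a trust anchor per
// authorized CA and, per CA, the ACL of PDPs it may vouch for; both are installed statically here.
type PDPAuthorizer struct {
	anchors *x509.CertPool
	acl     map[string]map[string]bool // CA subject (RFC 4514 form) -> authorized PDP names (assumed identity form)
}

func NewPDPAuthorizer() *PDPAuthorizer {
	return &PDPAuthorizer{anchors: x509.NewCertPool(), acl: map[string]map[string]bool{}}
}

// AddTrustAnchor registers a CA together with the PDP names it is authorized to certify.
func (a *PDPAuthorizer) AddTrustAnchor(ca *x509.Certificate, authorizedPDPs []string) {
	a.anchors.AddCert(ca)
	names := map[string]bool{}
	for _, n := range authorizedPDPs {
		names[n] = true
	}
	a.acl[ca.Subject.String()] = names
}

// AuthorizePDP returns nil only if the chain (leaf first, as tls.ConnectionState.PeerCertificates
// delivers it) ends at a configured anchor AND pdpName is on that anchor's ACL.
func (a *PDPAuthorizer) AuthorizePDP(peerCerts []*x509.Certificate, pdpName string) error {
	if len(peerCerts) == 0 {
		return fmt.Errorf("PDP %q presented no certificate", pdpName)
	}
	intermediates := x509.NewCertPool()
	for _, c := range peerCerts[1:] {
		intermediates.AddCert(c)
	}
	chains, err := peerCerts[0].Verify(x509.VerifyOptions{
		Roots: a.anchors, Intermediates: intermediates, DNSName: pdpName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return fmt.Errorf("PDP %q does not chain to a trust anchor: %w", pdpName, err)
	}
	for _, chain := range chains { // the last element of a chain is the anchor it ended at
		if a.acl[chain[len(chain)-1].Subject.String()][pdpName] {
			return nil
		}
	}
	return fmt.Errorf("PDP %q chains to a trust anchor but is not on that CA's ACL", pdpName)
}

// Constructed fixtures for this example: a throwaway CA and PDP certificates made in-process.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
}

// NewTestCA returns a self-signed CA certificate and its private key (example fixture only).
func NewTestCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := newTemplate(name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// IssuePDPCert has ca issue a server certificate naming pdpName in its subjectAltName.
func IssuePDPCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, pdpName string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := newTemplate(pdpName)
	tmpl.DNSNames, tmpl.ExtKeyUsage = []string{pdpName}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}

func main() {
	ca, caKey := NewTestCA("Example RAP CA")
	pep := NewPDPAuthorizer()
	pep.AddTrustAnchor(ca, []string{"pdp1.example.net"})
	chain := []*x509.Certificate{IssuePDPCert(ca, caKey, "pdp2.example.net")}
	fmt.Println(pep.AuthorizePDP(chain, "pdp2.example.net")) // rejected: valid chain, but not on the ACL
}
```

In a real PEP this function would be called from the TLS stack's peer-verification hook (in Go, tls.Config.VerifyConnection or VerifyPeerCertificate) before any COPS message is accepted on the connection. The cases worth exercising are exactly the ones the text separates: a PDP the CA lists (accepted), a PDP the same trusted CA certified but did not list (rejected by the ACL, not by chain building), and a PDP certified by a CA that is not an installed anchor (rejected by chain building).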
Add a new section after section 7
OLD TEXT:
---------
8 Backward Compatibility
NEW TEXT:
---------
8 Cipher Suite Requirements
Implementations MUST support the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher
suite. All other cipher suites are optional.
9 Backward Compatibility
Renumber subsequent sections accordingly.