Common Open Policy Service (COPS) Over Transport Layer Security (TLS)
RFC 4261

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    rap mailing list <rap@ops.ietf.org>, 
    rap chair <rap-chairs@tools.ietf.org>
Subject: Protocol Action: 'COPS Over TLS' to Proposed Standard 

The IESG has approved the following document:

- 'COPS Over TLS '
   <draft-ietf-rap-cops-tls-12.txt> as a Proposed Standard

This document is the product of the Resource Allocation Protocol Working 
Group. 

The IESG contact persons are Bert Wijnen and Dan Romascanu.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-rap-cops-tls-12.txt

Technical Summary
 
  This document describes how to use Transport Layer Security (TLS)
  to secure Common Open Policy Service (COPS) connections over the
  Internet.

  This document also updates RFC 2748 by modifying the contents of
  the Client-Accept message.
 
Working Group Summary
 
  There is WG consensus to publish this document on the standards  
  track.  However, the RAP WG has not been very active lately, and
  the current consensus is more of a "nobody objects" while only
  a small set of people worked on this doc.

Protocol Quality
 
  Bert Wijnen has reviewed this document for the IESG.
  Further review has been done by Eric Rescorla and Uri Blumenthal.

RFC-Editor notes:
Page 9, Section 7.1 (second paragraph)
OLD TEXT:
---------
  All PEP implementations MUST be able to securely acquire the trust 
  anchor for each authorized Certification Authority (CA) that issues 
  PDP certificates. Also, the PEPs MUST support a mechanism to 
  securely acquire an access control list or filter identifying the 
  set of authorized PDPs associated with each CA.

NEW TEXT:
---------
  All PEP implementations MUST be able to securely acquire the trust
  anchor for each authorized Certification Authority (CA) that issues PDP
  certificates. Also, the PEPs MUST support a mechanism to securely
  acquire an access control list (ACL) or filter identifying the set of
  authorized PDPs associated with each CA. Deployments must take care to
  avoid circular dependencies in accessing trust anchors and ACLs. At a
  minimum, trust anchors and ACLs may be installed manually.

=================
Add a new section after section 7
OLD TEXT:
---------
  8 Backward Compatibility

NEW TEXT:
---------
  8 Cipher Suite Requirements

  Implementations MUST support the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher
  suite. All other cipher suites are optional.

  9 Backward Compatibility

  renumber subsequent sections accordingly