
Proposed PKI4IPSEC Certificate Management Requirements Document

Proposed PKI4IPSEC Certificate Management Requirements Document. IETF #61 – PKI4IPSEC Working Group 10 November 2004 – Washington, DC. Chris Bonatti (IECA, Inc.) <BonattiC@ieca.com> Tel: (+1) 301-548-9569. Status of Draft. Publication history: draft-dploy-requirements-00 2002-MAR


Presentation Transcript


  1. Proposed PKI4IPSEC Certificate Management Requirements Document
     IETF #61 – PKI4IPSEC Working Group
     10 November 2004 – Washington, DC
     Chris Bonatti (IECA, Inc.) <BonattiC@ieca.com>
     Tel: (+1) 301-548-9569

  2. Status of Draft
     • Publication history:
        • draft-dploy-requirements-00 2002-MAR
        • draft-bonatti-pki4ipsec-profile-reqts-00 2004-JAN-30
        • draft-bonatti-pki4ipsec-profile-reqts-01 2004-JUL-19
        • draft-ietf-pki4ipsec-mgmt-profile-rqts-00 2004-AUG-4
        • draft-ietf-pki4ipsec-mgmt-profile-rqts-01 2004-OCT-25
     • August 4 version was substantially the same as July 19 version.
     • October 25 version addresses text comments identified around IETF #60.
     • We’re not nearly finished.

  3. Document Structure
     1. Introduction
     2. Architecture
        • VPN System (VPN Peers & VPN Admin)
        • PKI System (CA, RA, Repository)
        • VPN-PKI interaction (steps in certificate life cycle)
     3. Requirements
        • Subsections address different requirement areas
     4. Security Considerations
     Annexes
     A. References
     B. Acknowledgements
     C. Editor's Address
     D. Summary of Requirements
        • Plan to include a summary table similar to those in RFCs 1122, 1123, and 2975.
     E. Change History

  4. Section 3 Subsections
     3.1 General Requirements
     3.2 Authorization Transactions
     3.3 Key Generation and PKC Request Construction
     3.4 Enrollment (Sending Request and PKC Retrieval)
     3.5 PKC Profile for PKI Interaction
     3.6 PKC Renewals and Changes
     3.7 Finding PKCs in Repositories
     3.8 Revocation Action
     3.9 Revocation Checking and Status Information

  5. Changes to Draft
     • Numerous editorial changes:
        • Acronym fixes
        • Clarification of PKC Change definition
        • Rearranged and consolidated references
     • Clarified what “off-line” communication (out of band) entails.

  6. Issues
     • Need to add more clarity on the makeup of the registration “template”.
     • Should the VPN Peer be able to cancel a pre-authorization in addition to the Admin?
     • Need to clarify error handling for the pre-enrollment process.
     • Lots of editorial holes to be filled, but the issues are less granular.

  7. Way Forward
     • Issue log was created previously. This is more of an editorial work list than technical issues.
     • New issue tracker:
        • http://rt.psg.com/
     • Work through issue log, discussing open issues on the list. Issues will gradually migrate to the tracker.

  8. Questions?
