
Certificate Management Requirements Status

This document outlines the key discussions and topics from the IETF PKI for IPsec Working Group's interim meeting held on December 14, 2004, as convened by Sean Turner. Notable agenda items included path discovery mechanisms, revocation checking methodologies, and the nuances of an authorization token format. Key changes addressed non-repudiation considerations and options for key generation and enrollment processes that enhance security and performance. This overview also highlights the need for DNS support in path lookups and updates on community realms.


Presentation Transcript


  1. Certificate Management Requirements Status
     IETF PKI4IPSEC WG, 07 March 2005
     Sean Turner (IECA, Inc.) <turners@ieca.com>, Tel: (+1) 703-628-3180

  2. Interim Meeting
     • 14 December 2004
     • Refer to 14 December 2004 from C. Bonatti for link to presentations
     • Topics
       • Path discovery – AIA/CDP
       • Revocation checking – CRL
       • Confirmation handshake – ?
       • Community realms – GONE (template id)

  3. New Comments/Changes
     • Non-repudiation removed; addressed by “authenticated.”
     • Authorization token format – ASCII vs internationalized?
     • Enrollment TYPE field?
     • Cancel/New Auth – need new identifier for replay protection.
     • DNS support for PKC path lookup and revocation?
     • CA state info needed.
     • Organization:
       • Key generation/PKC request options (peer both, peer key/admin request, admin both, pki both); Enrollment options (peer->pki, peer->admin, admin->pki); Revocation options (peer, admin)
       • Key generation/PKC request section – move to informative annex?
       • Move options in 2.3.1-3 to 3.4.

  4. Other Showstoppers?
