CDB
Chris Bonatti (IECA, Inc.)
Tel: (+1)
Proposed PKI4IPSEC Certificate Management Requirements Document
IETF #61 – PKI4IPSEC Working Group
10 November 2004 – Washington, DC

Status of Draft
Publication history:
–draft-dploy-requirements MAR
–draft-bonatti-pki4ipsec-profile-reqts JAN-30
–draft-bonatti-pki4ipsec-profile-reqts JUL-19
–draft-ietf-pki4ipsec-mgmt-profile-rqts AUG-4
–draft-ietf-pki4ipsec-mgmt-profile-rqts OCT-25
August 4 version was substantially the same as July 19 version.
October 25 version addresses text comments identified around IETF #60.
We’re not nearly finished.

Document Structure
1. Introduction
2. Architecture
–VPN System (VPN Peers & VPN Admin)
–PKI System (CA, RA, Repository)
–VPN-PKI interaction (steps in certificate life cycle)
3. Requirements
–Subsections address different requirement areas
4. Security Considerations
Annexes
A. References
B. Acknowledgements
C. Editor's Address
D. Summary of Requirements
–Plan to include a summary table similar to those in RFCs 1122, 1123, and
E. Change History

Section 3 Subsections
3.1 General Requirements
3.2 Authorization Transactions
3.3 Key Generation and PKC Request Construction
3.4 Enrollment (Sending Request and PKC Retrieval)
3.5 PKC Profile for PKI Interaction
3.6 PKC Renewals and Changes
3.7 Finding PKCs in Repositories
3.8 Revocation Action
3.9 Revocation Checking and Status Information

Changes to Draft
Numerous editorial changes:
–Acronym fixes
–Clarification of PKC Change definition
–Rearranged and consolidated references
–Clarified what “off-line” communication (out of band) entails.

Issues
Need to add more clarity on the makeup of the registration “template”.
Should the VPN Peer be able to cancel a pre-authorization in addition to the Admin?
Need to clarify error handling for the pre-enrollment process.
Lots of editorial holes to be filled, but the issues are less granular.

Way Forward
Issue log was created previously. This is more of an editorial work list than technical issues.
New issue tracker: –
Work through issue log, discussing open issues on the list.
Issues will gradually migrate to the tracker.

Questions?