rfcdiff: draft-ietf-hip-cert-02.txt vs. draft-ietf-hip-cert-03.txt

Host Identity Protocol                                              Heer
Internet-Draft              Distributed Systems Group, RWTH Aachen University
Intended status: Informational                                  Varjonen
                            Helsinki Institute for Information Technology
Expires: April 29, 2010 (draft-02) / October 30, 2010 (draft-03)
                            October 26, 2009 (draft-02) / April 28, 2010 (draft-03)

                              HIP Certificates
                  draft-ietf-hip-cert-02 / draft-ietf-hip-cert-03
Abstract
This document specifies a certificate parameter called CERT for the
Host Identity Protocol (HIP). The CERT parameter is a container for
X.509.v3 certificates and for Simple Public Key Infrastructure (SPKI)
certificates. It is used for carrying these certificates in HIP
control packets. Additionally, this document specifies the
representations of Host Identity Tags in X.509.v3 and in SPKI
certificates.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of this Memo

draft-02:
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may not be modified,
and derivative works of it may not be created, except to format it
for publication as an RFC or to translate it into languages other
than English.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on April 29, 2010.

draft-03:
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. This document may not be modified,
and derivative works of it may not be created, except to format it
for publication as an RFC or to translate it into languages other
than English.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on October 30, 2010.
Copyright Notice

draft-02:
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.

(In draft-02 the Abstract and Requirements Language sections, identical
to those given above, follow the Copyright Notice.)

draft-03:
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
1. Introduction

Digital certificates bind a piece of information to a public key by
means of a digital signature, and thus, enable the holder of a
private key to generate cryptographically verifiable statements. The
Host Identity Protocol (HIP) [RFC5201] defines a new cryptographic
namespace based on asymmetric cryptography. Each host's identity is
derived from a public key, allowing hosts to digitally sign data with
their private key. This document specifies a CERT parameter that is
[skipping to change at page 2, line 45 (draft-02) / page 2, line 44 (draft-03)]
The CERT parameter is a container for certain types of digital
certificates. It may either carry SPKI certificates or X.509.v3
certificates. It does not specify any certificate semantics.
However, it defines some organizational parameters that help HIP
hosts to transmit semantically grouped parameters in a more
systematic way.

The CERT parameter may be covered by the HIP SIGNATURE field and is a
non-critical parameter.

draft-02: The CERT parameter can be used in R1, I2, R2, UPDATE and
NOTIFY control packets.
draft-03: The CERT parameter can be used in all HIP packets but using
CERT in I1 is NOT RECOMMENDED.

Each allowed HIP control packet may contain multiple CERT parameters.
These parameters may be related or unrelated. Related certificates
are managed in Cert groups. A Cert group specifies a group of related
CERT parameters that should be interpreted in a certain order (e.g.
for expressing certificate chains). For grouping CERT parameters, the
Cert group and the Cert count field must be set. Ungrouped
certificates exhibit a unique Cert group field and set the Cert count
to 1. CERT parameters with the same Cert group number in the group
field indicate a logical grouping. The Cert count field indicates the
number of CERT parameters in the group.
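A consistency check over the Cert group / Cert count rules just described, written as an added example that is not part of the draft. It works on already-decoded CERT parameters (the record fields, the assumption that packet order is the interpretation order within a group, and the sample values are constructed here, since this page shows no wire layout) and also flags the draft-03 NOT RECOMMENDED case of CERT in I1:

```python
from collections import defaultdict
from dataclasses import dataclass

# draft-03 wording: CERT may appear in all HIP packets, but use in I1 is NOT RECOMMENDED.
NOT_RECOMMENDED_IN = {"I1"}


@dataclass(frozen=True)
class CertParam:
    """One CERT parameter after wire decoding. This is a constructed model: the
    draft's byte layout is not on this page, so only the fields it names appear."""
    group: int       # Cert group: equal numbers mean one logical group
    count: int       # Cert count: number of CERT parameters in that group
    cert_type: str   # "X.509v3" or "SPKI", the two container types the draft allows
    payload: bytes   # the encoded certificate, opaque to the grouping check


def check_cert_grouping(packet_type: str, params: list[CertParam]) -> list[str]:
    """Return the grouping problems found among the CERT parameters of one packet.

    Rules from the draft text: CERTs with the same Cert group number form one
    group and their Cert count must equal the group's size; an ungrouped CERT
    uses a group number no other CERT in the packet uses and Cert count 1.
    An empty list means the grouping is consistent.
    """
    problems: list[str] = []
    if params and packet_type in NOT_RECOMMENDED_IN:
        problems.append(f"CERT in {packet_type} is NOT RECOMMENDED")
    for group, members in cert_groups(params).items():
        counts = {m.count for m in members}
        if len(counts) != 1:
            problems.append(f"group {group}: members disagree on Cert count {sorted(counts)}")
        elif (declared := counts.pop()) != len(members):
            problems.append(f"group {group}: Cert count {declared} but {len(members)} present")
    return problems


def cert_groups(params: list[CertParam]) -> dict[int, list[CertParam]]:
    """Split a packet's CERTs into groups, keeping packet order inside each group
    (assumed here to be the interpretation order, e.g. for a certificate chain)."""
    groups: dict[int, list[CertParam]] = defaultdict(list)
    for p in params:
        groups[p.group].append(p)
    return dict(groups)


# Constructed sample: a two-element X.509v3 chain in group 7 plus one ungrouped SPKI cert.
SAMPLE = [
    CertParam(7, 2, "X.509v3", b"leaf-cert"),
    CertParam(3, 1, "SPKI", b"spki-cert"),
    CertParam(7, 2, "X.509v3", b"issuer-cert"),
]
```

Running the check before walking a group as a chain avoids acting on a packet whose Cert count promises more (or fewer) certificates than it actually carries.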
[skipping to change at page 10, line 7]

42:f0
Appendix C. Change log

Changes from version 00 to 01:
o Revised text about DN usage.
o Revised text about Cert group usage.

Changes from version 01 to 02:
o Revised the type numbers.
o Added a section about signaling.

Changes from version 02 to 03:
o Revised text about CERT use in control packets.
Authors' Addresses

Tobias Heer
Distributed Systems Group, RWTH Aachen University
Ahornstrasse 55
Aachen
Germany

Phone: +49 241 80 214 36
Email: heer@cs.rwth-aachen.de
End of changes. 10 change blocks. 37 lines changed or deleted, 45 lines changed or added.

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/