draft-ietf-hip-cert-08.txt   draft-ietf-hip-cert-09.txt 
Host Identity Protocol Heer Host Identity Protocol Heer
Internet-Draft Distributed Systems Group, RWTH Internet-Draft Distributed Systems Group, RWTH
Intended status: Experimental Aachen University Intended status: Experimental Aachen University
Expires: July 22, 2011 Varjonen Expires: July 22, 2011 Varjonen
Helsinki Institute for Information Helsinki Institute for Information
Technology Technology
January 18, 2011 January 18, 2011
Host Identity Protocol Certificates Host Identity Protocol Certificates
draft-ietf-hip-cert-08 draft-ietf-hip-cert-09
Abstract Abstract
The CERT parameter is a container for X.509.v3 certificates and The CERT parameter is a container for X.509.v3 certificates and
Simple Public Key Infrastructure (SPKI) certificates. It is used for Simple Public Key Infrastructure (SPKI) certificates. It is used for
carrying these certificates in Host Identity Protocol (HIP) control carrying these certificates in Host Identity Protocol (HIP) control
packets. This document specifies the certificate parameter and the packets. This document specifies the certificate parameter and the
error signaling in case of a failed verification. Additionally, this error signaling in case of a failed verification. Additionally, this
document specifies the representations of Host Identity Tags in document specifies the representations of Host Identity Tags in
X.509.v3 and SPKI certificates. X.509.v3 and SPKI certificates.
The concrete use of certificates including how certificates are The concrete use of certificates including how certificates are
obtained, requested, and which actions are taken upon successful or obtained, requested, and which actions are taken upon successful or
failed verification are specific to the scenario in which the failed verification are specific to the scenario in which the
certificates are used. Hence, the definition of these scenario- certificates are used. Hence, the definition of these scenario-
specific aspects are left to the documents that use the CERT specific aspects are left to the documents that use the CERT
parameter. parameter.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. This document may not be modified, provisions of BCP 78 and BCP 79.
and derivative works of it may not be created, except to format it
for publication as an RFC or to translate it into languages other
than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 22, 2011. This Internet-Draft will expire on July 22, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
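Review bot: In "Status of this Memo", -09 drops the sentence "This document may not be modified, and derivative works of it may not be created, except to format it for publication as an RFC or to translate it into languages other than English." That changes the rights granted on the text and is more than a cosmetic edit. Please confirm the removal is intended and say so in the change log. The same block also replaces the 1id-abstracts and shadow-directory pointers with http://datatracker.ietf.org/drafts/current/, which is fine as long as no other section still refers to the old lists.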
skipping to change at page 2, line 24 skipping to change at page 2, line 15
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
1. Introduction 1. Introduction
Digital certificates bind a piece of information to a public key by Digital certificates bind a piece of information to a public key by
means of a digital signature, and thus, enable the holder of a means of a digital signature, and thus, enable the holder of a
private key to generate cryptographically verifiable statements. The private key to generate cryptographically verifiable statements. The
Host Identity Protocol (HIP) [RFC5201] defines a new cryptographic Host Identity Protocol (HIP) [RFC5201] defines a new cryptographic
namespace based on asymmetric cryptography. The identity of each namespace based on asymmetric cryptography. The identity of each
host is derived from a public key, allowing hosts to digitally sign host is derived from a public key, allowing hosts to digitally sign
data and issue certificates with their private key. This document data and issue certificates with their private key. This document
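Review bot: The paragraph added to the Copyright Notice in -09 ("This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008 ...") makes modification outside the IETF Standards Process conditional on a license from the copyright holders. It only belongs here if the draft really carries such material, so the authors should confirm this clause was chosen deliberately. The "BSD License" to "Simplified BSD License" correction in the same block now matches the wording two lines above it.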
skipping to change at page 13, line 26 skipping to change at page 13, line 26
o Removed a the second paragraph in section 8. o Removed a the second paragraph in section 8.
o Changed the example in Appendix A (Cert created without the o Changed the example in Appendix A (Cert created without the
leading zeroes in HITs). leading zeroes in HITs).
Changes from version 07 to 08: Changes from version 07 to 08:
o Updated and checked the references. o Updated and checked the references.
Changes from version 08 to 09:
o Fixing boilerplate.
Authors' Addresses Authors' Addresses
Tobias Heer Tobias Heer
Distributed Systems Group, RWTH Aachen University Distributed Systems Group, RWTH Aachen University
Ahornstrasse 55 Ahornstrasse 55
Aachen Aachen
Germany Germany
Phone: +49 241 80 214 36 Phone: +49 241 80 214 36
Email: heer@cs.rwth-aachen.de Email: heer@cs.rwth-aachen.de
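Review bot: The new change log entry "Fixing boilerplate." does not say which boilerplate changed. The diff shows the derivative-works sentence removed from "Status of this Memo", the pre-November 10, 2008 paragraph added to the Copyright Notice, and the license name corrected to "Simplified BSD License". Listing these would let a reader of -09 see the licensing change without running a diff. While this section is being touched, the unchanged entry "Removed a the second paragraph in section 8." has a stray "a".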
 End of changes. 7 change blocks. 
17 lines changed or deleted 23 lines changed or added
