Host Identity Protocol Certificates
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: "IETF-Announce" <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, "Gonzalo Camarillo" <email@example.com>, firstname.lastname@example.org, "The IESG" <email@example.com>, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Host Identity Protocol Certificates' to Proposed Standard (draft-ietf-hip-rfc6253-bis-09.txt) The IESG has approved the following document: - 'Host Identity Protocol Certificates' (draft-ietf-hip-rfc6253-bis-09.txt) as Proposed Standard This document is the product of the Host Identity Protocol Working Group. The IESG contact persons are Suresh Krishnan and Terry Manderson. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-hip-rfc6253-bis/
Technical Summary: The Certificate (CERT) parameter is a container for digital certificates. It is used for carrying these certificates in Host Identity Protocol (HIP) control packets. This document specifies the certificate parameter and the error signaling in case of a failed verification. Additionally, this document specifies the representations of Host Identity Tags in X.509 version 3 (v3) and Simple Public Key Infrastructure (SPKI) certificates. The concrete use cases of certificates, including how certificates are obtained, requested, and which actions are taken upon successful or failed verification, are specific to the scenario in which the certificates are used. Hence, the definition of these scenario- specific aspects is left to the documents that use the CERT parameter. This document extends RFC7401 and obsoletes RFC6253. Working Group Summary: There was WG consensus behind this document. Document Quality: As discussed in RFC 6538, there are several implementations of the Experimental HIP specs. At least HIP for Linux (HIPL) and OpenHIP will be updated to comply with the standards-track specs. The example in the RFC was tested with the HIPL implementation, which uses the openssl library. Personnel Gonzalo Camarillo is the document shepherd. Terry Manderson is the responsible area director.