Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile
draft-ietf-pkix-proxy-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Steven Bellovin |
2004-01-09
|
10 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-01-08
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-01-08
|
10 | Amy Vezza | IESG has approved the document |
2004-01-08
|
10 | Amy Vezza | Closed "Approve" ballot |
2004-01-07
|
10 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley |
2004-01-05
|
10 | Steven Bellovin | [Ballot Position Update] Position for Steve Bellovin has been changed to No Objection from Discuss by Steve Bellovin |
2003-12-23
|
10 | (System) | New version available: draft-ietf-pkix-proxy-10.txt |
2003-12-18
|
10 | Amy Vezza | Removed from agenda for telechat - 2003-12-18 by Amy Vezza |
2003-12-18
|
10 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2003-12-18
|
10 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-12-18
|
10 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-12-18
|
10 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for by Bill Fenner |
2003-12-18
|
10 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for by Thomas Narten |
2003-12-18
|
10 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for by Bert Wijnen |
2003-12-18
|
10 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for by Jon Peterson |
2003-12-18
|
10 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for by Alex Zinin |
2003-12-17
|
10 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for by Margaret Wasserman |
2003-12-17
|
10 | Ted Hardie | [Ballot comment] This isn't a DISCUSS, but I was disturbed by the fact that section 2.7's advertising supplement on ease of use contained this: … [Ballot comment] This isn't a DISCUSS, but I was disturbed by the fact that section 2.7's advertising supplement on ease of use contained this: . For many users, properly managing their own EEC private key is a nuisance at best, and a security risk at worst. One option easily enabled with a PC is to manage the EEC private keys and certificates in a centrally managed repository. When a user needs a PKI credential, the user can login to the repository using name/password, one time password, etc. Then the repository can delegate a PC to the user with proxy rights, but continue to protect the EEC private key in the repository. From my reading, this mechanism is way, way different from the motivation given in section 2.3 and dear old Steve's file transfer. It seems in particular to make this section of 2.4 problematic: One concern that arises is what happens if a machine that has been delegated the right to inherit Steve's privileges has been compromised? For example, in the above scenario, what if the machine running the file transfer service is compromised, such that the attacker can gain access to the credential that Steve delegated to that service? Can the attacker now do everything that Steve is allowed to do? The answer in the case of the attacker taking over the centrally managed repository,seems to be a resounding "Yes!" I realize that this is not actually quite the "delegated right to inherit" being discussed above, since that scenario seems to have Steve getting the time-limited delegated right to his own privileges, but it is still a bit worrying. The Security considerations doesn't seem to cover this at all. I don't think this has any great impact on the working of the protocol, but I would personally suggest ripping the advertising supplement text there right out or putting in the salient Security Consideration of "If you delegate users proxy rights from a central managed repository of their own certificates, boy are you in trouble if someone gets your repository". It may sound obvious, but it probably needs to be said. |
2003-12-17
|
10 | Ted Hardie | [Ballot comment] This isn't a DISCUSS, but I was disturbed by the fact that section 2.7's advertising supplement on ease of use contained this: … [Ballot comment] This isn't a DISCUSS, but I was disturbed by the fact that section 2.7's advertising supplement on ease of use contained this: . For many users, properly managing their own EEC private key is a nuisance at best, and a security risk at worst. One option easily enabled with a PC is to manage the EEC private keys and certificates in a centrally managed repository. When a user needs a PKI credential, the user can login to the repository using name/password, one time password, etc. Then the repository can delegate a PC to the user with proxy rights, but continue to protect the EEC private key in the repository. From my reading, this second mechanism is way, way different from the motivation given in section 2.3 and dear old Steve's file transfer. It seems in particular to make this section of 2.4 problematic: One concern that arises is what happens if a machine that has been delegated the right to inherit Steve's privileges has been compromised? For example, in the above scenario, what if the machine running the file transfer service is compromised, such that the attacker can gain access to the credential that Steve delegated to that service? Can the attacker now do everything that Steve is allowed to do? The answer in the case of the attacker taking over the centrally managed repository,seems to be a resounding "Yes!" I realize that this is not actually quite the "delegated right to inherit" being discussed above, since that scenario seems to have Steve getting the time-limited delegated right to his own privileges, but it is still a bit worrying. The Security considerations doesn't seem to cover this at all. I don't think this has any great impact on the working of the protocol, but I would personally suggest ripping the advertising supplement text there right out or putting in the salient Security Consideration of "If you delegate users proxy rights from a central managed repository of their own certificates, boy are you in trouble if someone gets your repository". It may sound obvious, but it probably needs to be said. |
2003-12-16
|
10 | Ted Hardie | [Ballot Position Update] New position, No Objection, has been recorded for by Ted Hardie |
2003-12-16
|
10 | Steven Bellovin | [Ballot discuss] There's no IANA considerations section, and in particular no discussion of where policy languages come from. I would assume that the preferred path … [Ballot discuss] There's no IANA considerations section, and in particular no discussion of where policy languages come from. I would assume that the preferred path would be IETF consensus per 2434, but I could also see the need for private use values and/or a vendor registry. 3.8.1 -- "If the proxyCertInfo extension is not present..." -- shouldn't that be pCPathLenConstraint? |
2003-12-16
|
10 | Steven Bellovin | [Ballot Position Update] New position, Discuss, has been recorded for by Steve Bellovin |
2003-12-05
|
10 | Ned Freed | [Ballot comment] Nits: Section 3.8.2 item 1) "The relying MUST party know how to" -> "The relying party MUST know how to" Section … [Ballot comment] Nits: Section 3.8.2 item 1) "The relying MUST party know how to" -> "The relying party MUST know how to" Section 3.8.2 item 3) a. Non-ASCII character appears where an apostrophe should be. Section 4.1.5 title "Proceedures" -> "Procedures" Appendix B should be marked as needing to be removed prior to publicaton. Questions: This document defines two policy language OIDs (basically "all" and "none"). Presumably more policy language OIDs will be defined. Does it make sense to have a registry for these things, or are these going to be so fine-grained attempting to register even some of them would be pointless? Is OCTET STRING necessarily the right data type for policy values? What if the policy language specifies policies using ASN.1? (I realize you can put arbitrary stuff inside an OCTET STRING, however, in X.400 P2 ASN.1 objects are stuffed inside of a P1 OCTET STRING field, and handling them in a single pass was a nightmare.) Some applications of these sorts of certificates seem to me to involve on-the-fly generation of new certificates. Additionally, each of these certificates is supposed to contain its own public/private key pair (2.6 item 3), and generating such key pairs can be expensive. Should the potential for service denial attacks on automatic proxy certificate generators be mentioned in the security considerations section? |
2003-12-05
|
10 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for by Ned Freed |
2003-12-02
|
10 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Russ Housley |
2003-12-02
|
10 | Russ Housley | Status date has been changed to 2003-12-02 from 2003-11-10 |
2003-12-02
|
10 | Russ Housley | Placed on agenda for telechat - 2003-12-18 by Russ Housley |
2003-12-02
|
10 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
2003-12-02
|
10 | Russ Housley | Ballot has been issued by Russ Housley |
2003-12-02
|
10 | Russ Housley | Created "Approve" ballot |
2003-12-01
|
10 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2003-11-17
|
10 | Amy Vezza | Last call sent |
2003-11-17
|
10 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2003-11-17
|
10 | Russ Housley | Last Call was requested by Russ Housley |
2003-11-17
|
10 | Russ Housley | State Changes to Last Call Requested from AD Evaluation::Revised ID Needed by Russ Housley |
2003-11-17
|
10 | (System) | Ballot writeup text was added |
2003-11-17
|
10 | (System) | Last call text was added |
2003-11-17
|
10 | (System) | Ballot approval text was added |
2003-11-11
|
09 | (System) | New version available: draft-ietf-pkix-proxy-09.txt |
2003-11-10
|
10 | Russ Housley | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation::Revised ID Needed by Russ Housley |
2003-11-10
|
10 | Russ Housley | The authors have resolved all of the concerns that I raised. The updated I-D cannot be posted until IETF 58 is over. Once the updated … The authors have resolved all of the concerns that I raised. The updated I-D cannot be posted until IETF 58 is over. Once the updated I-D appears, the document will be ready for IETF-wide Last Call. |
2003-11-10
|
10 | Russ Housley | Status date has been changed to 2003-11-10 from 2003-09-25 |
2003-11-10
|
10 | Russ Housley | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Russ Housley |
2003-11-10
|
10 | Russ Housley | The authors have resolved all of the concerns that I raised. The updated I-D cannot be posted until IETF 58 is over. Once the updated … The authors have resolved all of the concerns that I raised. The updated I-D cannot be posted until IETF 58 is over. Once the updated I-D appears, the document will be ready for IETF-wide Last Call. |
2003-11-10
|
10 | Russ Housley | Status date has been changed to 2003-11-10 from 2003-09-25 |
2003-10-08
|
10 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
2003-09-25
|
10 | Russ Housley | Draft Added by Russ Housley |
2003-08-27
|
08 | (System) | New version available: draft-ietf-pkix-proxy-08.txt |
2003-07-23
|
07 | (System) | New version available: draft-ietf-pkix-proxy-07.txt |
2003-05-09
|
06 | (System) | New version available: draft-ietf-pkix-proxy-06.txt |
2003-04-17
|
05 | (System) | New version available: draft-ietf-pkix-proxy-05.txt |
2003-03-04
|
04 | (System) | New version available: draft-ietf-pkix-proxy-04.txt |
2002-10-23
|
03 | (System) | New version available: draft-ietf-pkix-proxy-03.txt |
2002-03-06
|
02 | (System) | New version available: draft-ietf-pkix-proxy-02.txt |
2001-08-13
|
01 | (System) | New version available: draft-ietf-pkix-proxy-01.txt |
2001-07-11
|
00 | (System) | New version available: draft-ietf-pkix-proxy-00.txt |