
Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard



In message <200304102322.TAA11578@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-3-7
>
>	Please return the full line with your position.
>
>                    Yes    No-Objection  Discuss *  Abstain  
>
>
>Steve Bellovin      [   ]     [ X ]       [   ]      [   ] 

Nit: The correct spelling is IPsec, not IPSec.

Section 8 speaks of certificate authorities.  Since SIGTRAN connections 
are by prearrangement among parties with a pre-existing business 
arrangement, there's no need for a CA.  One party can issue a 
certificate to the other, or each can use self-signed certificates.  
Regardless of where the certificate comes from (including a 
conventional CA), knowledge of the expected certificate chain is a 
necessary part of the security provisioning.

Both of these can be fixed with an RFC editor's note.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
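
The provisioning point in the message above, sketched as an added example that is not part of the original e-mail or of the draft: each peer's expected certificate chain is recorded by fingerprint at provisioning time, and the presented chain is accepted only if it matches exactly, whether the certificate is self-signed, issued by the other party, or from a conventional CA. The peer names, table layout, function names and the byte strings standing in for DER certificates are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def provision_peer(table: dict, peer_id: str, chain_der: list) -> None:
    """Record the expected chain (leaf first) agreed with a peer out of band."""
    if not chain_der:
        raise ValueError("expected chain must contain at least the leaf")
    table[peer_id] = [fingerprint(c) for c in chain_der]

def check_presented_chain(table: dict, peer_id: str, presented_der: list):
    """Return (ok, reason); accept only the exact chain provisioned for peer_id."""
    expected = table.get(peer_id)
    if expected is None:
        return False, "peer not provisioned"
    if len(presented_der) != len(expected):
        return False, "chain length differs from provisioning"
    for depth, (cert, want) in enumerate(zip(presented_der, expected)):
        # Constant-time comparison of the hex fingerprints.
        if not hmac.compare_digest(fingerprint(cert), want):
            return False, f"certificate at depth {depth} is not the provisioned one"
    return True, "chain matches provisioning"

# Constructed stand-ins for DER bytes; a real deployment would take these
# from the TLS or IKE stack (assumption, not shown here).
SELF_SIGNED = b"constructed-DER:self-signed:sg-a"
ISSUED_LEAF = b"constructed-DER:leaf:asp-b"
ISSUER = b"constructed-DER:issuer:operator-a"
ROGUE = b"constructed-DER:self-signed:unknown"

def demo():
    table = {}
    provision_peer(table, "sg-a", [SELF_SIGNED])           # self-signed peer
    provision_peer(table, "asp-b", [ISSUED_LEAF, ISSUER])  # one party issued the cert
    return [
        check_presented_chain(table, "sg-a", [SELF_SIGNED]),
        check_presented_chain(table, "asp-b", [ISSUED_LEAF, ISSUER]),
        check_presented_chain(table, "sg-a", [ROGUE]),         # wrong certificate
        check_presented_chain(table, "asp-b", [ISSUED_LEAF]),  # chain cut short
        check_presented_chain(table, "sg-c", [SELF_SIGNED]),   # never provisioned
    ]

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```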