[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard
- To: IESG Secretary <iesg-secretary@ietf.org>
- Subject: Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard
- From: "Steven M. Bellovin" <smb@research.att.com>
- Date: Fri, 11 Apr 2003 16:58:58 -0400
- Cc: Internet Engineering Steering Group <iesg@ietf.org>
In message <200304102322.TAA11578@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-3-7
>
> Please return the full line with your position.
>
> Yes No-Objection Discuss * Abstain
>
>
>Steve Bellovin [ ] [ X ] [ ] [ ]
Nit: The correct spelling is IPsec, not IPSec.
Section 8 speaks of certificate authorities. Since SIGTRAN connections
are by prearrangement among parties with a pre-existing business
arrangement, there's no need for a CA. One party can issue a
certificate to the other, or each can use self-signed certificates.
Regardless of where the certificate comes from (including a
conventional CA), knowledge of the expected certificate chain is a
necessary part of the security provisioning.
Both of these can be fixed with an RFC editor's note.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)