[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Welcome your kind comments on "draft-zhipeng-pkix-drm-proxy-architecture".
The last sentence of the first sentence on page 6 goes, "Once all
these verifications are correct, the Service Server will also catch the
rights that are authorized to Proxy Device B by Request Device A via
parsing the elements in the Authorization document." I am not sure what
that means, precisely. If you mean "will also cache the rights authorized
on behalf of Request Device A (via parsing ...) for use through Proxy
Device B", then B has no independent set of rights. That could also be
worded "will cache the rights delegated by Request Device A (via parsing
...) to Proxy Device B".
I assume that A is trying to delegate those rights specified in
the ServiceRights field. What rights does B now have? It could be the
intersection of A's configured rights with ServiceRights, or the
intersection of B's configured rights with ServiceRights, or the union of
B's pre-existing configured rights with the intersection of A's configured
rights and ServiceRights.
Tom Gindin
Zhipeng Zhou <zhouzp@xxxxxxxxxx>
07/24/2009 09:44 PM
To
Tom Gindin/Watson/IBM@IBMUS
cc
"'PKIX'" <ietf-pkix@xxxxxxx>
Subject
RE: Welcome your kind comments on
"draft-zhipeng-pkix-drm-proxy-architecture".
Thanks for comments.
In DRM specification, the Request message will contain the signature of
the
Request entity.
I think better to give a concise introduction of this point.
Here I am not quite clear of your said " If device B's rights are to be
added to device A's authorization", can you pls give me a use case to help
me understand it.
Thank you.
Zhipeng
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On
Behalf Of Tom Gindin
Sent: Friday, July 24, 2009 9:46 PM
To: Zhipeng Zhou
Cc: 'Perez, Aram'; 'PKIX'
Subject: RE: Welcome your kind comments on
"draft-zhipeng-pkix-drm-proxy-architecture".
I don't see any signature applied by Proxy Device B, so what is
the
point of its certificate in this protocol? I am not questioning the
function of the proxy itself, just of its certificate. If device B's
rights
are to be added to device A's authorization, should it not authenticate
itself at some point, perhaps through a countersignature?
Tom Gindin
Zhipeng Zhou <zhouzp@xxxxxxxxxx>
Sent by: owner-ietf-pkix@xxxxxxxxxxxx
07/22/2009 08:57 PM
To
"'Perez, Aram'" <aramp@xxxxxxxxxxxx>
cc
"'PKIX'" <ietf-pkix@xxxxxxx>
Subject
RE: Welcome your kind comments on
"draft-zhipeng-pkix-drm-proxy-architecture".
Hi Aram,
Nice to hear you.
Are you going to Sweden ?
If you can help me gathering more comments in the meeting, that will be
exactly wonderful for me.
Thank you.
Zhipeng
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Perez, Aram
Sent: Thursday, July 23, 2009 3:50 AM
To: PKIX
Subject: Re: Welcome your kind comments on
"draft-zhipeng-pkix-drm-proxy-architecture".
Hi Zhipeng,
Interesting draft RFC. Here are a few minor comments:
“Trusty” is not a word. I believe what you want to say is “trusted
relationship”.
In section 5.1 you are using the binary format description language we
defined in OMA DRM but you have not explained how it is used.
Take care,
Aram
On 7/21/09 8:12 PM, Zhipeng Zhou wrote:
Stefan and all,
I'd ask if the PKIX guys in the Sweden meeting could feeback me your kind
comments or suggesions on my draft-zhipeng-pkix-drm-proxy-architecture
<blocked::
http://tools.ietf.org/id/draft-zhipeng-pkix-drm-proxy-architecture-00.txt>
.
Since some reasons, I could not be in the meeting. Welcome your emails
anytime.
Thanks very much.
Zhipeng
-----------------------------------------------------
Huawei Software Technologies Co.,Ltd.
Floor 2, Building A, NO.48,Ning Nan AV.,Nanjing, P.R.of China
Zipcode:210012
E-Mail: zhouzp@xxxxxxxxxx <mailto:zhouzp@xxxxxxxxxx>
Phone:(+86) 25-82276771
Fax:(+86) 25-82276760
Mobile:(+86) 13404162849
-----------------------------------------------------
****************************************************************************
***********************************
本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人
或群组。禁止任何其他人以任何形式使用
(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。
如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件!
****************************************************************************
***********************************
****************************************************************************
***********************************
This e-mail and its attachments contain confidential information from
HUAWEI, which is intended only for the
person or entity whose address is listed above. Any use of the information
contained herein in any way(including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended
recipient(s) is prohibited.
If you receive this e-mail in error, please notify the sender by phone
or email immediately and delete it!
****************************************************************************
***********************************