[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More Comments on DPD/DPV Requirements

To: "PKIX" <ietf-pkix@xxxxxxx>
Subject: More Comments on DPD/DPV Requirements
From: "Yuriy Dzambasow" <yuriy@xxxxxxxxxxxx>
Date: Fri, 1 Mar 2002 11:28:52 -0500
Importance: Normal
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: <yuriy@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Some additional comments.  I have separated them into the following
categories: editorial and technical.

Editorial (at least I am assuming these are editorial):

1) Recommend deleting the 2nd paragraph on page 5 (Section 5) for the
following reasons:
	- the first sentence attempts to qualify the preceding paragraph, and in my
opinion, adds no additional value
	- the second sentence contains redundant information already defined two
paragraphs above

2) In section 5, 3rd paragraph it says, "...In that case it is acceptable to
pass the parameters from the path discovery policy with each individual
request, i.e. a set of trust anchors..."  Please change the "i.e." to "e.g."

3) Section 8, first paragraph: The text states that a client can use a
request/response pair to define to a server a "..validation policy and/or a
path discovery policy..."  Please change "and/or" to "or".

4) Change title of 8.1.1 to Certification Path Requirements, so that it is
consistent with the text in section 8.1, item 1.

Technical:

Most of my comments have been addressed (or are being addressed on previous
threads).  I have these three additional comments:

1) Why does DPD say that it is OK to pass some policy parameters within a
DPD request if the policy is simple enough (section 5), but just the
opposite is said for DPV (section 4)?  I would think that a simple policy
could be adhered to as well for DPV, and that the parameter specification
could occur within the DPV request.

2) For DPD responses (page 5), why do the first three response types say,
"...according to the path discovery policy...", while the last response type
says, "...according to the path discovery criteria..."?  What is the
difference between policy and criteria?  If there is no difference, then I
recommend changing "criteria" to "policy".

3) Section 8:  I think it would be helpful to break out the PDP requirements
section into two areas: 1) requirements around the coordination of a
validation/path discovery policy between a client and a server to support
the validation/path discovery for a given certificate; and 2) requirements
around defining an authorized policy at a server (e.g., used by security
managers).  This makes it clear that PDP can be used in two distinct ways.

Prev by Date: Re: Validation policy in DPV/DPD rqmts
Next by Date: Should PDP Be a Separate Specification??
Previous by thread: I-D ACTION:draft-ietf-pkix-okid-01.txt
Next by thread: Should PDP Be a Separate Specification??
Index(es):
- Date
- Thread