SCVP - PowerPoint PPT Presentation

About This Presentation
Title:

SCVP

Description:

Can client supply bag of attribute and identity certificates as supporting data to request? Yes but can only ask for one to be validated per transaction. Open Issues ... – PowerPoint PPT presentation

Number of Views:24
Avg rating:3.0/5.0
Slides: 6
Provided by: trevorf1
Learn more at: https://www.ietf.org
Category:
Tags: scvp | critical

less

Transcript and Presenter's Notes

Title: SCVP


1
SCVP
  • Russ Housley
  • Trevor Freeman
  • Ambarish Malpani

2
Status
  • Draft 10 published
  • Comprehensive review by Denis Pinkas
  • Point by point answers provided
  • Some open issues

3
Open Issues
  • Criticality of extensions
  • Align definition with 3280
  • ReplyTypesOfCheck and ReplyWantBack have
    critical flag
  • Remove
  • Server returns error if does not set of OIDs
  • Syntax includes place holder for validation of
    other signed objects
  • Limit scope to identity and attribute certs
  • Can client supply bag of attribute and identity
    certificates as supporting data to request?
  • Yes but can only ask for one to be validated per
    transaction

4
Open Issues
  • What form can trust anchors take?
  • Direct reference in request (DNkey)
  • Indirect reference (hash of data URL)
  • Unique SCVP server response identifier
  • Proposal to use hash in the signed attribute
  • Constraints on trust anchors
  • Client can request which set of cert policy to
    use
  • Define application specific validation policy in
    separate document
  • SMIME, IPSEC, TLS, RA

5
Way Forward
  • Draft 10
  • Meets all documented requirements
  • Draft 11
  • Address open issues
  • Ready for working group last call
Write a Comment
User Comments (0)
About PowerShow.com