Pasi Eronen and Valtteri Niemi writes: o Section 7.1.3 (technical): Is it possible to configure more than one trusted root? o Section 7.1.3 (technical): Definition of "minbits" (sort of) assumes that all intermediate certificates are also signed with RSA. In general, this doesn't have to be true: a certificate for peer's RSA key could be signed with elliptic curve DSA or something else for which the "minbits" doesn't make sense. Also, "minbits" is just one example of a policy specifying what sort of certificate chains are acceptable and what are not. For instance, we could require revocation checks (CRL lookup, or OCSP). Maybe these shouldn't be in the SA at all, so perhaps "minbits" could be redefined to refer just to the peer key? (If it's needed at all) ------------------- Jari Arkko responds: > o Section 7.1.3 (technical): Is it possible to configure more > than one trusted root? This would make sense. > o Section 7.1.3 (technical): Definition of "minbits" (sort of) > assumes that all intermediate certificates are also signed with > RSA. In general, this doesn't have to be true: a certificate for > peer's RSA key could be signed with elliptic curve DSA or > something else for which the "minbits" doesn't make sense. Hmm.... perhaps minbits should be kept as a CGA-specific policy, i.e. apply only to the key which is used in the CGA generation. > Also, "minbits" is just one example of a policy specifying what > sort of certificate chains are acceptable and what are not. For > instance, we could require revocation checks (CRL lookup, or OCSP). > Maybe these shouldn't be in the SA at all, so perhaps > "minbits" could be redefined to refer just to the peer key? > (If it's needed at all) I'm not sure how this would work. We don't necessarily know the peer's key. Can you clarify? ------------------- Jari Arkko: In your review you made some comments about the SA configurations for SEND, and I sent in an initial response. I'm not sure I saw an answer to your (or it got lost among the Re: Approved e-mails). Anyway, you can review the discussion from http://www.piuha.net/~jarkko/publications/send/issues/issue10.txt And here's what I would propose: (1) Modify section 5.2.3 (draft-arkko-send-ndopt) so that it allows more than one trusted root. (2) Specify the "minbits" only for the final CGA keys (and hence restricted for RSA only). Avoid talking about the key sizes of trusted roots and intermediaries; proper key size usage is just one of the things that we expect from our CAs. We don't need to specify that in the protocol. ------------------- Pasi Eronen: The proposed modifications look ok to me. ------------------- -------------------