Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt
Deb Cooley <debcooley1@gmail.com> Tue, 30 January 2024 15:17 UTC
Also a late review (sigh). All of mine are typos, so they should be easy to fix.

Section 1.4, Endpoint ID def: typo: I think you need a comma here: 'An endpoint can be a singleton or not [,] so an Endpoint ID can also...'

Section 2, para 1, sentence 2: typo: 'an Bundle Endpoint' sb 'a Bundle Endpoint'.

Section 2, para 4, last sentence: typo: 'via scheme-specific means [is] authorized'?

Deb Cooley
no hats....

On Mon, Jan 29, 2024 at 7:18 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Hiya,
>
> On 12/01/2024 12:00, Deb Cooley wrote:
> > This is the beginning of a two week WGLC for this draft, which will end on
> > 26 Jan.
> >
> > Please review and comment.
>
> Sorry for the slightly late review.
>
> I previously reviewed -09 of this and think the changes since then,
> (perhaps partly in response to that review), nicely capture the nature
> of the experiment being done here, are well-stated in the draft and
> are sufficient for publication of an experimental RFC. (As a nit, some
> of those changes have enhanced visibility in the text version but not
> in the HTML - I like the way the text version calls out those bits of
> text myself fwiw, e.g. in the last para before 1.1.)
>
> I mostly reviewed the diff from -09 to -12 and haven't implemented
> either a client or server for this but the nitty details look fairly
> sane for an experimental RFC.
>
> If there were one thing I'd suggest adding, it'd be to describe a
> DTN scenario where the multi-perspective thing was ineffective, from
> the vantage point(s) of a CA. I think that might help people doing
> experiments figure out some things to look out for, or might help
> some CA decide to play-ball in an experiment if they don't have to
> discover the problem themselves. (A known problem there is a DTN where
> all traffic between the CA and DTN nodes has to go via one (set of)
> agents all under the control of a potential attacker.) I don't think
> such text is required for publication, but spelling it out in 3.5 or
> the security considerations would be nicer I think.
>
> I see Rob has commented that he doesn't see how this draft can garner
> IETF consensus. I don't get that objection(*) as ISTM the IETF can of
> course reach consensus to enable experiments related to DTN security and
> key management, which are both fairly tricky topics where improvements
> will (I think) benefit from experimentation of this kind. (Or to put
> it negatively, without experiments like this, we'll likely not see
> improvements in DTN security and key management.)
>
> So, yes, I think this is ready to move along to IETF LC and to become
> an experimental RFC.
>
> Cheers,
> S.
>
> (*) WRT IETF consensus, we're not there yet since IETF LC hasn't
> started, so it's puzzling to object that we can't get that when
> WGLC is only now under way.
>
> > Deb C
> > ACME WG Chair
> >
> > On Thu, Jan 11, 2024 at 4:26 PM <internet-drafts@ietf.org> wrote:
> >
> >> Internet-Draft draft-ietf-acme-dtnnodeid-12.txt is now available. It is a
> >> work item of the Automated Certificate Management Environment (ACME) WG of the
> >> IETF.
> >>
> >> Title: Automated Certificate Management Environment (ACME)
> >> Delay-Tolerant Networking (DTN) Node ID Validation Extension
> >> Author: Brian Sipos
> >> Name: draft-ietf-acme-dtnnodeid-12.txt
> >> Pages: 31
> >> Dates: 2024-01-11
> >>
> >> Abstract:
> >>
> >> This document specifies an extension to the Automated Certificate
> >> Management Environment (ACME) protocol which allows an ACME server to
> >> validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
> >> client. A DTN Node ID is an identifier used in the Bundle Protocol
> >> (BP) to name a "singleton endpoint", one which is registered on a
> >> single BP node. The DTN Node ID is encoded as a certificate Subject
> >> Alternative Name (SAN) of type otherName with a name form of
> >> BundleEID and as an ACME Identifier type "bundleEID".
> >>
> >> The IETF datatracker status page for this Internet-Draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/
> >>
> >> There is also an HTML version available at:
> >> https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-12.html
> >>
> >> A diff from the previous version is available at:
> >> https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-dtnnodeid-12
> >>
> >> Internet-Drafts are also available by rsync at:
> >> rsync.ietf.org::internet-drafts
> >>
> >>
> >> _______________________________________________
> >> Acme mailing list
> >> Acme@ietf.org
> >> https://www.ietf.org/mailman/listinfo/acme
> >>
>