IETF Logo Mail Archive

Re: [Acme] [Technical Errata Reported] RFC9115 (7336)

Thomas Fossati <Thomas.Fossati@arm.com> Tue, 07 February 2023 14:27 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1914C1522AD for <acme@ietfa.amsl.com>; Tue, 7 Feb 2023 06:27:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b="+FaHjZ4q"; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b="+FaHjZ4q"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBJjoAfWSnnM for <acme@ietfa.amsl.com>; Tue, 7 Feb 2023 06:27:45 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20606.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::606]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C8CC1526ED for <acme@ietf.org>; Tue, 7 Feb 2023 06:27:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pGugBFk5/+Cct0IqDp66ZVXbA4ZII4glDYnV/LcJiow=; b=+FaHjZ4qso1qISZ0XNIZLGoCsG+yLAoGsFqBlvToeLtXAArn8/BHfSXLkoY5q+kHD+IHMKTOgCviKCgqxbDuTj5uVWir+25w8a8byn0F2DR2XjWNn0M5OUhPooTIYXJYA0ulp/xG9HJe5BJh5jlZUlDrnG/1cRYqcuFjianr640=
Received: from AS9PR06CA0298.eurprd06.prod.outlook.com (2603:10a6:20b:45a::6) by AS8PR08MB9387.eurprd08.prod.outlook.com (2603:10a6:20b:5aa::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.32; Tue, 7 Feb 2023 14:27:39 +0000
Received: from AM7EUR03FT010.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:45a:cafe::92) by AS9PR06CA0298.outlook.office365.com (2603:10a6:20b:45a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.36 via Frontend Transport; Tue, 7 Feb 2023 14:27:39 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT010.mail.protection.outlook.com (100.127.141.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.31 via Frontend Transport; Tue, 7 Feb 2023 14:27:38 +0000
Received: ("Tessian outbound 333ca28169fa:v132"); Tue, 07 Feb 2023 14:27:38 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: a20a2e72fd1d2f69
X-CR-MTA-TID: 64aa7808
Received: from af49934bf54a.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 173028FB-279F-45DC-9FA4-A8047D825554.1; Tue, 07 Feb 2023 14:27:31 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id af49934bf54a.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 07 Feb 2023 14:27:31 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LVzpwMNRdkXTE0lLtluihG7FBlMxCkD/46pRRtRw2f4KHDfy736yTUcwKP2kHOMwmIvZMSSDsRQIPbhCdpY0pvwJGJiWCdsltbFm4kTX956d4EvoReX2T4VcOaT5RrXU24ehtAW8b/QROzz+hQwHSAxwDpwcbszMTXwOcvVSMxW6gKjv5t2ESgwhXTjT9AMhGv23cekIkyhmemzmkCxnJNpf19ddroWBC+Qw9dxpS8mDrIMcsqKnL9QEsStfkC4MK9ka8F8zuMT3BQGZPaHAduxWRebqwnA+DorS92dmZgoBflWJzhjRA8A6poVubbgbqeF1+tsOF+0ezv49uH3mxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pGugBFk5/+Cct0IqDp66ZVXbA4ZII4glDYnV/LcJiow=; b=NkNhCm5ShRKlgLITR3h/yRCachNji7wb2OOCNvbzgBx2h5PFviHEx1pzo0haaErowAFFBfKwn5Wy6b3rlusHcCJ7e22DDJAUy3dyffPzQY2HxOSgdI7MnyOdYfqBaI/NZxTm5ytwj1pq7o0W7k7/ty2R3X4XZR5wrusQVQG4xvm7GeRwMKbTZo2y3O3To7MAIORttSaeYbTpDCrW7Nwf9wcrttukfYO5lc2IWbY7Uei4UzcbVFcbO4Xv2mt58ZBpNze9pvWvRsGqFsjX4HMyxwgn69O/19hMt0izufi/9QPk0+GxZv/E1K5YqnRsb2cQFE/ubuqRAvMRCYWF6ggqvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pGugBFk5/+Cct0IqDp66ZVXbA4ZII4glDYnV/LcJiow=; b=+FaHjZ4qso1qISZ0XNIZLGoCsG+yLAoGsFqBlvToeLtXAArn8/BHfSXLkoY5q+kHD+IHMKTOgCviKCgqxbDuTj5uVWir+25w8a8byn0F2DR2XjWNn0M5OUhPooTIYXJYA0ulp/xG9HJe5BJh5jlZUlDrnG/1cRYqcuFjianr640=
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com (2603:10a6:10:251::8) by AS2PR08MB9738.eurprd08.prod.outlook.com (2603:10a6:20b:606::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6064.31; Tue, 7 Feb 2023 14:27:29 +0000
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::8295:3930:eca:1601]) by DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::8295:3930:eca:1601%4]) with mapi id 15.20.6064.036; Tue, 7 Feb 2023 14:27:29 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Carsten Bormann <cabo@tzi.org>, RFC Errata System <rfc-editor@rfc-editor.org>
CC: "yaronf.ietf@gmail.com" <yaronf.ietf@gmail.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "antonio.pastorperales@telefonica.com" <antonio.pastorperales@telefonica.com>, "Roman D. Danyliw" <rdd@cert.org>, Paul Wouters <paul.wouters@aiven.io>, "decoole@radium.ncsc.mil" <decoole@radium.ncsc.mil>, "debcooley1@gmail.com" <debcooley1@gmail.com>, "ynir.ietf@gmail.com" <ynir.ietf@gmail.com>, "acme@ietf.org" <acme@ietf.org>
Thread-Topic: [Technical Errata Reported] RFC9115 (7336)
Thread-Index: AQHZOoPKVYnBs3RoK02ElYIXpvvv367ClUCAgAD1eGQ=
Date: Tue, 07 Feb 2023 14:27:11 +0000
Message-ID: <DB9PR08MB6524EF6EBAF366A2D47062659CDB9@DB9PR08MB6524.eurprd08.prod.outlook.com>
References: <20230206233552.C595011E4FC@rfcpa.amsl.com> <9B3BF4F3-5A01-447D-88E3-8C621E8CB0C5@tzi.org>
In-Reply-To: <9B3BF4F3-5A01-447D-88E3-8C621E8CB0C5@tzi.org>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
x-ms-traffictypediagnostic: DB9PR08MB6524:EE_|AS2PR08MB9738:EE_|AM7EUR03FT010:EE_|AS8PR08MB9387:EE_
X-MS-Office365-Filtering-Correlation-Id: 93f0e3a2-75db-444f-5616-08db09177706
x-checkrecipientrouted: true
nodisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: zDgIM+HovwMsoFzS8zvetQbjOn2aZcz/dK/7Tpc+eh/A3jkfIQ1MZgEjz4WtiOzNZoppfPRWr5HV8PlGTOtKZDpjXQkopEXY6MW1VJBDyNs3xLgB4GUJuHYMqq4fcIOUzEz6J+voSBHwQsyy4jk7NMsfKlsXFEjgQJaArw9xH+EpqqjPvVeodjwLWvm4BD6B9LxfQR/z1sKTgmh9DDv0gKa3OyGHv8yAPCga2TvUgwzduSzCRt5tONCUCBhwyxtvx1Ztlaj0JRHd0OTz4tLXXURa9Bw58KXDldUuS32QFp9aqXuM9d+Xi5Trbg2m9LLfPwwKjqgDoKgC5NlTI/LyJFr1ZfC4z4GdgBCMuTe0G4C6T+NBfgE3349SHYbL2e726C804xkyppJdWTye68TIMwg1qO82WqNltYO8EwUGCj/3CEAkSA0O5Gxh3UAE8H2Q3vQ4ZhPkiLxwe/4h1k7paLA45ITyw86NJaTwg2wX14eAmhRVTIEXrES00aWTh7mua+r9GNkxlTxt7r50+dAp023kgslWiKi3lpnYkIcuY0fGmv11vxy8FpiCyn05lBBtuhWMs7lxK63B8Q5rt7wKibycxgDMJa+Ki8Hz1d/KXIAme2Xj6NBgKhiYhH+t4MdWqaAe0pTnB7c4gwv8mHqpj1eqi1xlSUt+QUSFwlQofMQ/xDaGgNVg/6OuUN8f25E+XXnTT4B93iXcxNGFFRlH8nms+cSMZuo67wH4DeBKWu0=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR08MB6524.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(376002)(396003)(346002)(366004)(39860400002)(136003)(451199018)(38100700002)(55016003)(166002)(122000001)(38070700005)(86362001)(33656002)(316002)(66556008)(110136005)(66946007)(66476007)(8676002)(66446008)(4326008)(64756008)(91956017)(478600001)(53546011)(966005)(76116006)(6666004)(7696005)(71200400001)(186003)(26005)(9686003)(6506007)(54906003)(2906002)(8936002)(83380400001)(52536014)(41300700001)(66574015)(7416002)(5660300002); DIR:OUT; SFP:1101;
Content-Type: multipart/alternative; boundary="_000_DB9PR08MB6524EF6EBAF366A2D47062659CDB9DB9PR08MB6524eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR08MB9738
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT010.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 2fbc5005-4a8f-4772-2693-08db09177151
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: LS6mk67X/HKlnQwwePGV4efX+evS40jOxPiRVmYTMsHlClrBaNUtcWmEWm3tlpVPSSVh0qli4+TVAqzurgyy7NwRBeVzlOAHZ4UoIeilonc9AkXZGpHBdT/0KwjSNa4byV8lRCpCqSsRyxj3w+nrNG7mR9DA9V9A5PA7wKDj8v7RSinXcDYONj8N7giAfZwPhVqKW5yTyLTAOrchlCLu6Aq2pdeyE6hrAgv9U0PYr6WGZbis0Ar7JMC4ddFor86FlqkvrAJK/mLICobw7Pw80e9hxDlgYDi3oE7aiwrNZNwXOk3sz5FiUrXSf8BDuIQKcvzybMYi2DSrZRmiNmxtFPpvf2jg42Vr8wKLQe/BdSkk/lV3M6SMN1TMcNsjTCswUb4BR1hn8tGalvtolqro1MUqYOG+OLjVspFBcV/qyutyn6/aE+LKP3Ar0ryk8jSU4ZQrlLT0+xdvjREK+Ig6Wdhsx1RpyXXOvQd5QMY6gW+iNdgLzZqERUXy7TCXp5YiPhsZLM9VKpbIFniv0BuvNaxw2oKR9cYZcI/2/SJqxPPoLHTVVET3JSGOgXWJffFlgDw5fOQncBcF282kFNrbC90lCdC6MvMkB5Ub/0+/HKMelwYdqM4cVLLSKHVz6CspwIeozCC8wgLkD/uqqn4ryeTR2xk3Y9jXG9onI9EdjU22WjqE8jP6XVTGGciyAHcBo6xNI7gv2XZaFNObZZ1GZVIrRFDwMiQK/fKFd1QYgc8=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230025)(4636009)(376002)(39860400002)(396003)(136003)(346002)(451199018)(40470700004)(36840700001)(46966006)(54906003)(110136005)(52536014)(316002)(86362001)(9686003)(33656002)(7696005)(82740400003)(6666004)(81166007)(966005)(26005)(356005)(166002)(53546011)(186003)(6506007)(478600001)(82310400005)(2906002)(5660300002)(36860700001)(83380400001)(40460700003)(66574015)(40480700001)(55016003)(336012)(70586007)(70206006)(8936002)(8676002)(4326008)(41300700001)(47076005); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Feb 2023 14:27:38.8077 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 93f0e3a2-75db-444f-5616-08db09177706
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT010.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB9387
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/fFK9mhpyEnCS_Cnbek1G3gfiUvg>
X-Mailman-Approved-At: Tue, 07 Feb 2023 07:17:53 -0800
Subject: Re: [Acme] [Technical Errata Reported] RFC9115 (7336)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 14:27:50 -0000

Carsten is obviously right.

I had missed the parenthetical in § 3.8.3.1. of RFC8610:

>    […] (Note that this also means that there is one level of
>    string escaping before the XSD escaping rules are applied.)

Thanks for spotting it!

Cheers, t

On 06/02/2023, 23:46, "Carsten Bormann" <cabo@tzi.org> wrote:

This is hilarious — the errata reporting form apparently ate my double backslashes.

Here is the corrected Corrected Text:

  oid = text .regexp "([0-2])((\\.0)|(\\.[1-9][0-9]*))*”

And here is how I would write this, having been bitten by backslashes in RFCs before:

  oid = text .regexp "([0-2])(([.]0)|([.][1-9][0-9]*))*”

(Actually, I would write this:

  oid = text .regexp "[0-2]([.](0|([1-9][0-9]*)))*”

…but this is a style issue.)

Grüße, Carsten


> On 2023-02-07, at 00:35, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>
> The following errata report has been submitted for RFC9115,
> "An Automatic Certificate Management Environment (ACME) Profile for Generating Delegated Certificates".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7336
>
> --------------------------------------
> Type: Technical
> Reported by: Carsten Bormann <cabo@tzi.org>
>
> Section: Appendix A
>
> Original Text
> -------------
>   oid = text .regexp "([0-2])((\.0)|(\.[1-9][0-9]*))*"
>
>
> Corrected Text
> --------------
>   oid = text .regexp "([0-2])((\.0)|(\.[1-9][0-9]*))*"
>
>
> Notes
> -----
> Backslashes need to be doubled in CDDL strings (as they are done in Appendix B).
>
> An alternative fix would be to replace \. by [.]
>
> Note that the equivalent fix is not required for
>
>   regtext = text .regexp "([^\*].*)|([\*][^\*].*)|([\*][\*].+)"
>
> as the fact that the single backslashes have no effect is irrelevant here — the backslashes are not needed in the character classes [...].
> As an editorial enhancement, the backslashes could be entirely removed from this line.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC9115 (draft-ietf-acme-star-delegation-09)
> --------------------------------------
> Title               : An Automatic Certificate Management Environment (ACME) Profile for Generating Delegated Certificates
> Publication Date    : September 2021
> Author(s)           : Y. Sheffer, D. López, A. Pastor Perales, T. Fossati
> Category            : PROPOSED STANDARD
> Source              : Automated Certificate Management Environment
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email