Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 30 January 2024 00:18 UTC

Message-ID: <467fbebf-39c7-440a-b5a0-700882dcb7a2@cs.tcd.ie>
Date: Tue, 30 Jan 2024 00:18:24 +0000
To: Deb Cooley <debcooley1@gmail.com>, acme@ietf.org
Cc: draft-ietf-acme-dtnnodeid.all@ietf.org
References: <170500837851.47648.11997188498442985897@ietfa.amsl.com> <CAGgd1OeSP00c1bcUZbRpqv1+r33Tpj=ESq-WVL5ra7_yL91Mog@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CAGgd1OeSP00c1bcUZbRpqv1+r33Tpj=ESq-WVL5ra7_yL91Mog@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/jJWGysOGNAyc-eMAx3UN7KLaX9Q>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-12.txt
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Hiya,

On 12/01/2024 12:00, Deb Cooley wrote:
> This is the beginning of a two week WGLC for this draft, which will end on
> 26 Jan.
> 
> Please review and comment.

Sorry for the slightly late review.

I previously reviewed -09 of this and think the changes since then
(perhaps partly in response to that review) nicely capture the nature
of the experiment being done here, are well-stated in the draft and
are sufficient for publication of an experimental RFC. (As a nit, some
of those changes have enhanced visibility in the text version but not
in the HTML - I like the way the text version calls out those bits of
text myself fwiw, e.g. in the last para before 1.1.)

I mostly reviewed the diff from -09 to -12 and haven't implemented
either a client or server for this but the nitty details look fairly
sane for an experimental RFC.

If there were one thing I'd suggest adding, it'd be to describe a
DTN scenario where the multi-perspective thing was ineffective, from
the vantage point(s) of a CA. I think that might help people doing
experiments figure out some things to look out for, or might help
some CA decide to play-ball in an experiment if they don't have to
discover the problem themselves. (A known problem there is a DTN where
all traffic between the CA and DTN nodes has to go via one (set of)
agents all under the control of a potential attacker.) I don't think
such text is required for publication, but spelling it out in 3.5 or
the security considerations would be nicer I think.

I see Rob has commented that he doesn't see how this draft can garner
IETF consensus. I don't get that objection(*) as ISTM the IETF can of
course reach consensus to enable experiments related to DTN security and
key management, which are both fairly tricky topics where improvements
will (I think) benefit from experimentation of this kind. (Or to put
it negatively, without experiments like this, we'll likely not see
improvements in DTN security and key management.)

So, yes, I think this is ready to move along to IETF LC and to become
an experimental RFC.

Cheers,
S.

(*) WRT IETF consensus, we're not there yet since IETF LC hasn't
started, so it's puzzling to object that we can't get that when
WGLC is only now under way.



> 
> Deb C
> ACME WG Chair
> 
> On Thu, Jan 11, 2024 at 4:26 PM <internet-drafts@ietf.org> wrote:
> 
>> Internet-Draft draft-ietf-acme-dtnnodeid-12.txt is now available. It is a
>> work item of the Automated Certificate Management Environment (ACME) WG of
>> the IETF.
>>
>>     Title:   Automated Certificate Management Environment (ACME)
>>              Delay-Tolerant Networking (DTN) Node ID Validation Extension
>>     Author:  Brian Sipos
>>     Name:    draft-ietf-acme-dtnnodeid-12.txt
>>     Pages:   31
>>     Dates:   2024-01-11
>>
>> Abstract:
>>
>>     This document specifies an extension to the Automated Certificate
>>     Management Environment (ACME) protocol which allows an ACME server to
>>     validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
>>     client.  A DTN Node ID is an identifier used in the Bundle Protocol
>>     (BP) to name a "singleton endpoint", one which is registered on a
>>     single BP node.  The DTN Node ID is encoded as a certificate Subject
>>     Alternative Name (SAN) of type otherName with a name form of
>>     BundleEID and as an ACME Identifier type "bundleEID".
>>
>> The IETF datatracker status page for this Internet-Draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/
>>
>> There is also an HTML version available at:
>> https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-12.html
>>
>> A diff from the previous version is available at:
>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-acme-dtnnodeid-12
>>
>> Internet-Drafts are also available by rsync at:
>> rsync.ietf.org::internet-drafts
>>
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>>
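As an added illustration of the chokepoint scenario raised in the review above (a DTN where every path between the CA's vantage points and the target node passes through agents under one attacker's control), here is a small Python model. It is not code from the draft, from the review, or from any ACME or Bundle Protocol implementation; the topology, the Node IDs, the vantage-point names and the function names are all constructed for this example, and the draft's actual challenge and response bundle formats are not modelled. The check is purely topological: if no vantage point has a path to the target that avoids every attacker-controlled agent, the attacker can intercept every challenge and answer in the real node's place, so adding more perspectives cannot help.

```python
"""Chokepoint check for multi-perspective challenge delivery in a DTN.

Constructed example, not code from draft-ietf-acme-dtnnodeid or from any
ACME/BP implementation.  A DTN is modelled as an undirected graph of bundle
agents.  A CA sends its challenge toward the target Node ID from several
vantage points; an attacker who controls a set of agents can capture any
bundle that crosses one of them and answer in place of the real node.
Multi-perspective validation only constrains such an attacker if at least
one vantage point has a path to the target that avoids every attacker agent.
"""
from collections import deque

# Constructed topology (illustrative Node IDs, not real ones): each pair is a
# bidirectional convergence-layer adjacency between two bundle agents.
EDGES = [
    ("dtn://ca-east/", "dtn://gw-a/"),
    ("dtn://ca-west/", "dtn://gw-b/"),
    ("dtn://ca-orbit/", "dtn://relay-sat/"),
    ("dtn://gw-a/", "dtn://hub/"),
    ("dtn://gw-b/", "dtn://hub/"),
    ("dtn://relay-sat/", "dtn://hub/"),
    ("dtn://hub/", "dtn://node-x/"),
    ("dtn://relay-sat/", "dtn://node-x/"),
]
VANTAGES = ["dtn://ca-east/", "dtn://ca-west/", "dtn://ca-orbit/"]
TARGET = "dtn://node-x/"   # the Node ID whose control the CA is validating


def build_graph(edges):
    """Adjacency sets from an undirected edge list."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def has_path_avoiding(graph, src, dst, blocked):
    """BFS from src to dst that never enters an agent in `blocked`."""
    if src in blocked or dst in blocked:
        return False
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for nxt in graph.get(cur, ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return False


def assess(graph, vantages, target, attacker):
    """Classify each vantage point against an attacker-controlled agent set.

    'clean'       some path avoids every attacker agent, so an honest answer
                  from the real node is at least possible from this vantage
    'captured'    every path crosses an attacker agent, so the attacker can
                  intercept the challenge and answer in the node's place
    'unreachable' no path at all; this vantage cannot take part

    Returns (per-vantage outcome, spoofable).  `spoofable` is True when the
    attacker captures at least one vantage and no vantage is clean, i.e. the
    perspectives that do get an answer all get the attacker's answer.
    """
    outcome = {}
    for v in vantages:
        if not has_path_avoiding(graph, v, target, set()):
            outcome[v] = "unreachable"
        elif has_path_avoiding(graph, v, target, set(attacker)):
            outcome[v] = "clean"
        else:
            outcome[v] = "captured"
    results = set(outcome.values())
    spoofable = "captured" in results and "clean" not in results
    return outcome, spoofable


def single_chokepoints(graph, vantages, target):
    """Agents whose compromise alone lets an attacker capture every vantage."""
    candidates = set(graph) - set(vantages) - {target}
    return {a for a in candidates if assess(graph, vantages, target, {a})[1]}


if __name__ == "__main__":
    graph = build_graph(EDGES)
    for attacker in ({"dtn://hub/"}, {"dtn://hub/", "dtn://relay-sat/"}):
        outcome, spoofable = assess(graph, VANTAGES, TARGET, attacker)
        print(f"attacker controls {sorted(attacker)}")
        for v, o in outcome.items():
            print(f"  {v:18} {o}")
        print(f"  multi-perspective defeated: {spoofable}")
    print("single-agent chokepoints:", single_chokepoints(graph, VANTAGES, TARGET))
```

Run as a script it prints the per-vantage outcomes for two attacker sets; in the constructed topology compromising the hub alone is not enough because the orbital vantage still reaches the node via the satellite relay, while compromising both the hub and the relay captures every perspective. single_chokepoints() lists agents whose compromise alone defeats all vantages, which is the kind of property a CA could inspect before agreeing to take part in an experiment. A clean path only shows that the attack is not forced; whether a challenge bundle actually takes that path depends on BP routing, which this model ignores.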