Re: [Anima] [Technical Errata Reported] RFC8995 (6649)

Chris Smiley <csmiley@amsl.com> Tue, 27 July 2021 20:43 UTC

From: Chris Smiley <csmiley@amsl.com>
Date: Tue, 27 Jul 2021 13:43:40 -0700
Cc: RFC Errata System <rfc-editor@rfc-editor.org>
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>, anima@ietf.org, jiangsheng@huawei.com, Michael Richardson <mcr+ietf@sandelman.ca>, Kent Watsen <kent+ietf@watsen.net>, tte+ietf@cs.fau.de, Michael.H.Behringer@gmail.com, Warren Kumari <warren@kumari.net>, Toerless Eckert <tte@cs.fau.de>, "Rob Wilton (rwilton)" <rwilton@cisco.com>
Subject: Re: [Anima] [Technical Errata Reported] RFC8995 (6649)

Greetings,

This erratum reports a problem with Section 5.4/RFC 8995.  Upon further review, we believe
it should point to Section 5.5.4/RFC 8995.

We have updated accordingly.  Please let us know any concerns.

Thank you.

RFC Editor/cs


> On Jul 26, 2021, at 7:29 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC8995,
> "Bootstrapping Remote Secure Key Infrastructure (BRSKI)".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6649
> 
> --------------------------------------
> Type: Technical
> Reported by: Michael Richardson <mcr+ietf@sandelman.ca>
> 
> Section: 5.4
> 
> Original Text
> -------------
> Even when a domain CA is authenticated to the MASA, and there is
> strong sales channel integration to understand who the legitimate
> owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
> certificates (such as an LDevID certificate) from having vouchers
> issued against them.
> 
> 
> Corrected Text
> --------------
> Even when a domain CA is authenticated to the MASA, and there is
> strong sales channel integration to understand who the legitimate
> owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
> certificates (such as an LDevID certificate) from having vouchers
> issued against them.
> 
> add:
> The id-kp-cmcRA is an Extended Key Usage (EKU) attribute.
> When any EKU attribute is set, then the certificate MUST have all
> related attributes set.
> This means that the Registrar certificate MUST also have the
> id-kp-clientAuth (for use with the MASA) and the id-kp-serverAuth
> (for use with the Pledge) set.
> 
> 
> Notes
> -----
> https://mailarchive.ietf.org/arch/msg/anima/H6Xs_f3rQAh9acOEFXEYuoZZGls/
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45)
> --------------------------------------
> Title               : Bootstrapping Remote Secure Key Infrastructure (BRSKI)
> Publication Date    : May 2021
> Author(s)           : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen
> Category            : PROPOSED STANDARD
> Source              : Autonomic Networking Integrated Model and Approach
> Area                : Operations and Management
> Stream              : IETF
> Verifying Party     : IESG
>
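As an added example (not part of this thread, RFC 8995, or the errata report), the following stdlib-only Python checks a registrar certificate's EKU extnValue for the three KeyPurposeIds the corrected text says the registrar MUST carry. The OID values come from RFC 5280 and RFC 6402; the DER sample bytes are constructed for the example.

```python
"""Check a BRSKI registrar certificate's Extended Key Usage (EKU) extension for the
KeyPurposeIds that RFC 8995 erratum 6649 says it MUST carry. Added example, stdlib only,
with a minimal DER decoder for ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId."""

# KeyPurposeId OIDs under id-kp = 1.3.6.1.5.5.7.3 (RFC 5280; id-kp-cmcRA from RFC 6402).
REQUIRED_REGISTRAR_EKUS = {
    "1.3.6.1.5.5.7.3.28": "id-kp-cmcRA",      # registrar acting as RA toward the MASA
    "1.3.6.1.5.5.7.3.2": "id-kp-clientAuth",  # TLS client when it talks to the MASA
    "1.3.6.1.5.5.7.3.1": "id-kp-serverAuth",  # TLS server when the pledge connects to it
}

def _read_tlv(data: bytes, pos: int = 0):
    """Read one DER TLV at pos (short or long definite length): (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("DER length runs past end of data")
    return tag, data[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets into dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                        # base-128 arcs, high bit set on all but last
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_eku(extn_value: bytes) -> list:
    """Parse ExtKeyUsageSyntax; anything other than a SEQUENCE OF OID is rejected."""
    tag, seq, _ = _read_tlv(extn_value)
    if tag != 0x30:
        raise ValueError("EKU extnValue is not a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("EKU element is not an OBJECT IDENTIFIER")
        oids.append(decode_oid(body))
    return oids

def missing_registrar_ekus(extn_value: bytes) -> list:
    """Names of required registrar EKUs absent from the extension; empty means compliant."""
    present = set(parse_eku(extn_value))
    return [name for oid, name in REQUIRED_REGISTRAR_EKUS.items() if oid not in present]

# Constructed sample extnValues (DER): cmcRA + clientAuth + serverAuth, and cmcRA alone.
GOOD_EKU = bytes.fromhex("301e" "06082b0601050507031c" "06082b06010505070302" "06082b06010505070301")
CMCRA_ONLY_EKU = bytes.fromhex("300a" "06082b0601050507031c")
```

A registrar whose EKU decodes like CMCRA_ONLY_EKU passes the id-kp-cmcRA check the original text describes but fails the added requirement, which is the case this check is meant to surface before deployment.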