Re: [Anima] [Technical Errata Reported] RFC8995 (7263)

Esko Dijk <esko.dijk@iotconsultancy.nl> Sat, 10 December 2022 11:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/E_G824E93hAkLFPblbFYvM-pI6Q>

Hi all,

The proposed text still needs some work here; I would urge the WG not to accept this in its current form. That said, using normative language in this specific part certainly helps to clarify the requirements for implementers.

As a side question to all about IETF requirements language - what is the difference between "X is included." and "X MUST be included."?
For many years I have read sentences like "X is included" or "X is set to Y" as equivalent to a MUST.  And such sentences are used a lot in RFCs. Surely we don't want to replace all of these cases by normative language? But if it helps to clarify things for this specific case, then fine to do it. The erratum motivation / note was not saying why this particular case needs normative language.

A few points:

* corrected text has "SHOULD BE" which isn't RFC 2119 compliant.

* actually, the Registrar MUST include the idevid-issuer field, not intended as a "SHOULD". Reason: the Registrar wouldn't know if the MASA would need this field or not -- there is no signaling in-protocol by MASA to tell whether it wants this field -- so the only thing the Registrar can do is include it to cover all cases. There is no reason for the Registrar to exclude it. Or at least, I don't know one and no reason is given in the erratum note.

Regards
Esko

-----Original Message-----
From: Anima <anima-bounces@ietf.org> On Behalf Of RFC Errata System
Sent: Friday, December 9, 2022 16:21
To: pritikin@cisco.com; mcr+ietf@sandelman.ca; tte+ietf@cs.fau.de; Michael.H.Behringer@gmail.com; kent+ietf@watsen.net; warren@kumari.net; rwilton@cisco.com; tte@cs.fau.de; shengjiang@bupt.edu.cn
Cc: rufus.buschart@siemens.com; anima@ietf.org; rfc-editor@rfc-editor.org
Subject: [Anima] [Technical Errata Reported] RFC8995 (7263)

The following errata report has been submitted for RFC8995,
"Bootstrapping Remote Secure Key Infrastructure (BRSKI)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7263

--------------------------------------
Type: Technical
Reported by: Rufus Buschart <rufus.buschart@siemens.com>

Section: 5.5

Original Text
-------------
idevid-issuer:  The Issuer value from the pledge IDevID certificate
  is included to ensure unique interpretation of the serial-number.
  In the case of a nonceless (offline) voucher-request, an
  appropriate value needs to be configured from the same out-of-band
  source as the serial-number.


Corrected Text
--------------
idevid-issuer:  The Issuer value from the pledge IDevID certificate
  SHOULD BE included to ensure unique interpretation of the serial-
  number.
  In the case of a nonceless (offline) voucher-request, an
  appropriate value MUST be configured from the same out-of-band
  source as the serial-number.


Notes
-----
The current language is no language according to RFC 2119.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45)
--------------------------------------
Title               : Bootstrapping Remote Secure Key Infrastructure (BRSKI)
Publication Date    : May 2021
Author(s)           : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen
Category            : PROPOSED STANDARD
Source              : Autonomic Networking Integrated Model and Approach
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
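
An added example, not part of the thread or of RFC 8995, for the idevid-issuer point in the reply above: a MASA-side lookup that behaves differently depending on whether the Registrar sent idevid-issuer. The inventory, issuer byte strings, device names and the flat dict standing in for a voucher-request are constructed assumptions.

```python
# Added illustration; all values below are constructed sample data.
from typing import Optional

# Hypothetical MASA inventory keyed by (idevid-issuer, serial-number).
# Two issuing CAs of one vendor happen to reuse serial-number "1001".
MASA_INVENTORY = {
    (b"issuer-ca-a", "1001"): "pump-controller",
    (b"issuer-ca-b", "1001"): "door-sensor",
    (b"issuer-ca-b", "2002"): "gateway",
}


class UnknownDevice(Exception):
    """No inventory entry matches the voucher-request."""


class AmbiguousDevice(Exception):
    """serial-number alone matches more than one device."""


def registrar_voucher_request(serial: str, issuer: bytes,
                              include_issuer: bool = True) -> dict:
    """Simplified registrar voucher-request; real ones are signed artifacts."""
    request = {"serial-number": serial}
    if include_issuer:
        request["idevid-issuer"] = issuer
    return request


def masa_resolve(request: dict) -> str:
    """Map a voucher-request to exactly one device, or fail closed."""
    serial = request["serial-number"]
    issuer: Optional[bytes] = request.get("idevid-issuer")
    if issuer is not None:
        # Issuer present: the pair is unique, so a direct lookup suffices.
        device = MASA_INVENTORY.get((issuer, serial))
        if device is None:
            raise UnknownDevice(serial)
        return device
    # Issuer absent: only the serial-number is left to match on.
    matches = [d for (_, sn), d in MASA_INVENTORY.items() if sn == serial]
    if not matches:
        raise UnknownDevice(serial)
    if len(matches) > 1:
        raise AmbiguousDevice(serial)  # never guess which device is meant
    return matches[0]
```

Serial "2002" resolves with or without the issuer while "1001" does not, and the Registrar has no way to tell the two cases apart, which is the reason given in the reply for always including the field.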
