Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Adam Roach <adam@nostrum.com> Fri, 12 July 2019 21:29 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: The IESG <iesg@ietf.org>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Toerless Eckert <tte+ietf@cs.fau.de>, anima-chairs@ietf.org, anima@ietf.org
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <11332.1562965650@localhost>
From: Adam Roach <adam@nostrum.com>
Message-ID: <d416d709-c428-d8f1-7236-6e7882c8c08a@nostrum.com>
Date: Fri, 12 Jul 2019 16:29:32 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <11332.1562965650@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/MwawdLb-Hhuy4Q4xz2ba87mtfMU>

Thanks for your reply. Responses to questions below.

On 7/12/19 4:07 PM, Michael Richardson wrote:
>
>      > ---------------------------------------------------------------------------
>
>      > §5.6
>
>      >> {
>      >> "ietf-voucher:voucher": {
>      >> "nonce": "62a2e7693d82fcda2624de58fb6722e5",
>      >> "assertion": "logging"
>      >> "pinned-domain-cert": "base64encodedvalue=="
>      >> "serial-number": "JADA123456789"
>      >> }
>      >> }
>
>      > This JSON is syntactically invalid. Please run this example and all other
>      > instances of JSON in this document through a validation tool.
>
> I have moved all of our examples json into separate files in our directory so
> that we can validate them better, and added the validation to the Makefile.
> I see that "FALSE" is not valid, but "false" is.
> Please note that we know we have to renumber the figures.
>
> In the appendix, we have examples of the JSON that is inside the CMS.
> These are from real examples, and we have the private keys so that implementors
> can make sure they can produce the same outputs.
>
> The pinned-domain-cert has base64 in it, and it's more than 60 characters
> wide.  I noticed it wasn't wrapped at all in -22, and just fixed that to be
> wrapped at 60 characters, but then, it isn't valid JSON, because it has
> LF in the "".  I shall leave a note, but maybe you have a better suggestion here.


Your approach is fine. Many other protocols make the same kind of note 
when they need to break the syntax for RFC format purposes. The only 
other thing I've seen done is taking the whole message and base64 
encoding it, but that makes it less useful as an illustration in this 
case, so I would advise against it.


>      > §5.8.1:
>
>      >> Distribution of a large log is less than ideal.  This structure can
>      >> be optimized as follows: Nonced or Nonceless entries for the same
>      >> domainID MAY be truncated from the log leaving only the single most
>
>      > Nit: "truncate" means to shorten something by removing only the beginning or
>      > only the end. I believe that you mean "omitted" (here and elsewhere in this
>      > section).
>
> How about *abridged*? I also used omitted where it referred to a single entry.


"Abridged" seems a bit awkward: the *structure* is abridged, but the 
*entries* are omitted or elided or removed or excised or suppressed.


You have two other queries, but they're addressed to other people. Let 
me know if you'd like my perspective on them.

/a
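As an added example (this is not code from the draft, its authors, or anyone in this thread), here is the kind of check a Makefile could run over the JSON examples discussed above: it first removes line breaks that fall inside JSON string literals, which is what a `pinned-domain-cert` value wrapped at 60 columns for RFC rendering turns into, then parses the result and checks the members shown in the §5.6 example. The two inputs are constructed here: one is a copy of the quoted §5.6 text with its missing commas, the other is a corrected form whose `pinned-domain-cert` is made-up filler rather than a real certificate. The check does not validate the `assertion` vocabulary or the nonce encoding, since the thread does not discuss them.

```python
"""Added example: validate BRSKI voucher JSON examples the way a Makefile
check might, tolerating RFC-style line wrapping inside long base64 strings.
Not part of draft-ietf-anima-bootstrapping-keyinfra or the thread."""
import base64
import json

# Constructed copy of the §5.6 example as quoted in the thread: the commas
# between the last three members are missing, so it is not valid JSON.
INVALID_EXAMPLE = '''{
  "ietf-voucher:voucher": {
    "nonce": "62a2e7693d82fcda2624de58fb6722e5",
    "assertion": "logging"
    "pinned-domain-cert": "base64encodedvalue=="
    "serial-number": "JADA123456789"
  }
}'''

# Constructed corrected form. FILLER_DER stands in for a DER certificate; its
# base64 is wrapped at 60 columns as an RFC rendering would do, which puts
# literal line feeds inside the JSON string.
FILLER_DER = b"not a real certificate, just filler bytes " * 4
_CERT_B64 = base64.b64encode(FILLER_DER).decode("ascii")
_WRAPPED = "\n".join(_CERT_B64[i:i + 60] for i in range(0, len(_CERT_B64), 60))
WRAPPED_EXAMPLE = '''{
  "ietf-voucher:voucher": {
    "nonce": "62a2e7693d82fcda2624de58fb6722e5",
    "assertion": "logging",
    "pinned-domain-cert": "%s",
    "serial-number": "JADA123456789"
  }
}''' % _WRAPPED

# Members present in the §5.6 example; the check requires them.
REQUIRED = ("assertion", "pinned-domain-cert", "serial-number")


def unwrap_strings(text):
    """Drop line breaks (and any indentation following them) that occur inside
    JSON string literals. Line breaks outside strings are left untouched, so
    ordinary pretty-printed JSON is unaffected."""
    out = []
    in_string = False
    escaped = False
    i = 0
    while i < len(text):
        ch = text[i]
        if in_string and ch in "\r\n":
            i += 1
            while i < len(text) and text[i] in " \t":
                i += 1
            continue
        out.append(ch)
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        i += 1
    return "".join(out)


def validate_voucher(text):
    """Parse one voucher example and return the voucher object, raising
    ValueError with a specific reason on the first problem found."""
    try:
        doc = json.loads(unwrap_strings(text))
    except json.JSONDecodeError as e:
        raise ValueError("not valid JSON: %s" % e) from e
    voucher = doc.get("ietf-voucher:voucher") if isinstance(doc, dict) else None
    if not isinstance(voucher, dict):
        raise ValueError("missing ietf-voucher:voucher object")
    for key in REQUIRED:
        if not isinstance(voucher.get(key), str) or not voucher[key]:
            raise ValueError("member %r missing or not a non-empty string" % key)
    try:
        # validate=True rejects any character outside the base64 alphabet,
        # including a line feed that unwrap_strings failed to remove.
        base64.b64decode(voucher["pinned-domain-cert"], validate=True)
    except ValueError as e:
        raise ValueError("pinned-domain-cert is not base64: %s" % e) from e
    return voucher


def pinned_cert_der(voucher):
    """Return the decoded pinned-domain-cert bytes of a validated voucher."""
    return base64.b64decode(voucher["pinned-domain-cert"], validate=True)


def check(text):
    """Makefile-style wrapper: (True, voucher) on success, (False, reason) otherwise."""
    try:
        return True, validate_voucher(text)
    except ValueError as e:
        return False, str(e)


if __name__ == "__main__":
    for name, example in (("invalid", INVALID_EXAMPLE), ("wrapped", WRAPPED_EXAMPLE)):
        ok, result = check(example)
        print(name, "OK" if ok else "FAIL: " + result)
```

Unwrapping before parsing keeps the published text readable while still letting the validator reject genuinely broken examples; the `validate=True` decode is the second line of defence, since a stray line feed or other non-alphabet character inside the certificate string fails there even if the JSON parse succeeds.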