[art] Re: Artart last call review of draft-ietf-lamps-rfc6712bis-07
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 05 November 2024 11:52 UTC
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Claudio Allocchio <Claudio.Allocchio@garr.it>, "art@ietf.org" <art@ietf.org>
Date: Tue, 05 Nov 2024 11:51:17 +0000
Message-ID: <DB9PR10MB571560CF874D70DDD7B608F5FE522@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
References: <172949493377.1906901.1334502700207332214@dt-datatracker-78dc5ccf94-w8wgc>
In-Reply-To: <172949493377.1906901.1334502700207332214@dt-datatracker-78dc5ccf94-w8wgc>
CC: "draft-ietf-lamps-rfc6712bis.all@ietf.org" <draft-ietf-lamps-rfc6712bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/8taVCmSnLAbVnjtGXpPrYVFdWzk>
Claudio,

Thank you for your review and your comments. I am sorry for responding so late. The co-authors and I wanted to consolidate the feedback to the different reviews. Please see my responses to your comments inline below.

The latest version of the draft ready for submission and a diff to the latest version on datatracker are available on github:
- https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.html
- https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-lamps-rfc6712bis&url_2=https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.txt

Please let me know if the proposed changes sufficiently address your comments.

Hendrik

> From: Claudio Allocchio via Datatracker <noreply@ietf.org>
> Sent: Monday, 21 October 2024 08:16
>
> Reviewer: Claudio Allocchio
> Review result: Almost Ready
>
> Good morning, I'm the assigned reviewer from the ARTART area.
> This draft is almost ready but I have some suggestions before it is published.
>
> 1) as any document "updating" a series of previous RFCs, ensuring an easy and
> crystal clear reading of it compared to the other documents being obsoleted or
> updated is tricky. I generally suggest some further detailed wording, or a detailed
> dedicated "updates and obsoletes" section where it is clearly listed which sections of
> the previous documents are affected: something like
>
> * RFCxxxx section x.y.z, <text> is obsoleted
>
> etc...

[HB] Thank you for pointing this out. I changed the Abstract and Section 1.2 to improve this.

Abstract

OLD
It includes the updates on RFC 6712 specified in CMP Updates RFC 9480 Section 3 and obsoleted both documents. These updates introduce CMP URIs using a Well-known prefix.

NEW
It includes the updates to RFC 6712 specified in RFC 9480 Section 3. These updates introduce CMP URIs using a Well-known prefix. It obsoletes RFC 6712 and, together with I-D.ietf-lamps-rfc4210bis, it also obsoletes RFC 9480.

Section 1.1

OLD
CMP Updates [RFC9480] updated [RFC6712], supporting the PKI management operations specified in the Lightweight CMP Profile [RFC9483], in the following areas:

NEW
CMP Updates [RFC9480] updated Section 3.6 of [RFC6712], supporting the PKI management operations specified in the Lightweight CMP Profile [RFC9483], in the following areas:

Section 1.2

OLD
This document obsoletes RFC 6712 [RFC6712]. It includes the changes specified by CMP Updates [RFC9480] Section 3 as described in Section 1.1 and added the requirement on providing the Content-Length header field in Section 3.4.

NEW
This document obsoletes [RFC6712]. It includes the changes specified in Section 3 of [RFC9480] as described in Section 1.1 of this document, removed the requirement to support HTTP/1.0 [RFC1945] in accordance with Section 4.1 of [RFC9205] and removed Section 3.8 of [RFC6712] as it contains information redundant with current HTTP specification.

>
> 2) clarification about the use of the wide range of HTTP protocol options (section
> 3.8). "SHOULD" is inappropriate normative here --> "should".
> Furthermore, it may be more useful to create a list of suggested HTTP features to
> use or mandatory HTTP features to use, so that all implementation try to stick with
> it, instead of just suggesting not to use the not needed HTTP parts.

[HB] Thank you for pointing this out. We dropped the complete Section 3.8.

>
> 3) section 3.6 examples: https instead of http ?

[HB] We would prefer keeping "http". The TLS layer is an optional addition, if needed, because
- CMP does not necessarily require transport layer protection if data-origin authentication using MAC-based or signature-based message protection is applied.
- There are cases where an entity initially has no certificate and no trust anchor. In these cases, it would even be unable to perform TLS server authentication. See also Section 5 Topic 5.

Anyhow, we added the following note to the end of Section 3.6:

NEW
Note that https can also be used instead of http, see item 5 in the Security Considerations (Section 5).

>
> 4) section 4: shall we suggest also "what to do" (a coherent behaviour) when we hit
> implementations with an old non standard approach in transferring CMP over
> HTTP?

[HB] We updated Section 4 as follows:

OLD
Implementors should be aware that implementations might exist that use a different approach for transferring CMP over HTTP, because RFC 6712 [RFC6712] has been under development for more than a decade. Further, implementations based on earlier drafts of RFC 6712 [RFC6712] might use an unregistered "application/pkixcmp-poll" MIME type.

NEW
Implementers should be aware that other implementations might exist that use a different approach for transferring CMP over HTTP. Further, implementations based on earlier I-Ds that led to [RFC6712] might use an unregistered "application/pkixcmp-poll" Media Type. Conforming implementations MAY handle this type like "application/pkixcmp".

>
> all the rest is ok for me.
>
> all the best
> Claudio
>
>
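As an added illustration, not part of the thread and not code from the draft, its authors or any CMP implementation, the following Python validator encodes the HTTP-envelope rules discussed in the reply above: HTTP/1.0 support dropped, the Content-Length header field required, and the unregistered legacy "application/pkixcmp-poll" type handled like "application/pkixcmp" (the MAY in the revised Section 4 text). The function names, the status code chosen for each failure, the set of accepted HTTP versions and the sample body are my assumptions; only the HTTP layer is checked, since the PKIMessage's own MAC- or signature-based protection is what CMP relies on, which is also why the draft keeps "http" in its examples.

```python
"""Request-envelope checks for a CMP-over-HTTP responder (added example)."""
from typing import Dict, Optional, Tuple

CMP_MEDIA_TYPE = "application/pkixcmp"               # registered type (RFC 6712)
LEGACY_POLL_MEDIA_TYPE = "application/pkixcmp-poll"  # unregistered pre-RFC type

# Versions accepted once HTTP/1.0 support is dropped. Assumption: the
# responder speaks HTTP/1.1 and later.
SUPPORTED_VERSIONS = ("HTTP/1.1", "HTTP/2", "HTTP/3")


def normalize_media_type(content_type: Optional[str]) -> Optional[str]:
    """Strip parameters, lower-case, and map the legacy poll type onto
    application/pkixcmp, as the revised Section 4 text permits (MAY)."""
    if not content_type:
        return None
    media = content_type.split(";", 1)[0].strip().lower()
    return CMP_MEDIA_TYPE if media == LEGACY_POLL_MEDIA_TYPE else media


def check_cmp_request(method: str, version: str, headers: Dict[str, str],
                      body: bytes) -> Tuple[int, str]:
    """Validate only the HTTP envelope; returns (status, reason).

    200 means the body may be handed to the CMP layer, which still verifies
    the PKIMessage's MAC- or signature-based protection. Status codes per
    failure are this example's choice, not the draft's.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}

    if version not in SUPPORTED_VERSIONS:
        return 505, "HTTP version not supported (HTTP/1.0 no longer required)"
    if method != "POST":
        return 405, "CMP messages are transferred with POST"

    media = normalize_media_type(hdrs.get("content-type"))
    if media != CMP_MEDIA_TYPE:
        return 415, "Content-Type must be application/pkixcmp"

    length = hdrs.get("content-length")
    if length is None:
        return 411, "Content-Length header field is required"
    if not length.isdigit() or int(length) != len(body):
        return 400, "Content-Length does not match the body"
    if len(body) == 0:
        return 400, "empty CMP message body"

    return 200, "OK"


# Constructed sample body: a small DER SEQUENCE standing in for a PKIMessage.
# It is not a real CMP message.
SAMPLE_BODY = b"\x30\x03\x02\x01\x02"


def demo() -> Dict[str, int]:
    """Run the checks over a few constructed requests; returns status per case."""
    base = {"Content-Type": CMP_MEDIA_TYPE, "Content-Length": str(len(SAMPLE_BODY))}
    legacy = dict(base, **{"Content-Type": LEGACY_POLL_MEDIA_TYPE})
    no_len = {"Content-Type": CMP_MEDIA_TYPE}
    return {
        "ok": check_cmp_request("POST", "HTTP/1.1", base, SAMPLE_BODY)[0],
        "legacy_poll_type": check_cmp_request("POST", "HTTP/1.1", legacy, SAMPLE_BODY)[0],
        "http10": check_cmp_request("POST", "HTTP/1.0", base, SAMPLE_BODY)[0],
        "get": check_cmp_request("GET", "HTTP/1.1", base, b"")[0],
        "no_content_length": check_cmp_request("POST", "HTTP/1.1", no_len, SAMPLE_BODY)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:18s} -> {status}")
```

The legacy type is normalized rather than rejected so that clients built on the pre-RFC drafts keep working, while everything the responder emits still uses the registered "application/pkixcmp" type.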