[art] Re: Artart last call review of draft-ietf-lamps-rfc6712bis-07

Claudio Allocchio <Claudio.Allocchio@garr.it> Wed, 06 November 2024 08:44 UTC

Return-Path: <Claudio.Allocchio@garr.it>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F715C15153F; Wed, 6 Nov 2024 00:44:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=garr.it
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywwajCeR59gE; Wed, 6 Nov 2024 00:44:34 -0800 (PST)
Received: from cyrus.dir.garr.it (cyrus.dir.garr.it [193.206.158.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42F54C14F60E; Wed, 6 Nov 2024 00:44:30 -0800 (PST)
Received: from [193.205.240.58] (unknown [10.2.2.14]) by cyrus.dir.garr.it (Postfix) with ESMTPSA id 2AAD1A0D37; Wed, 6 Nov 2024 09:44:26 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=garr.it; s=202004; t=1730882666; bh=ZuAz8nuH5kx4/U0D7Twv2FwtOh6hprEBEq+EQf+v2+U=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=jsiFwsxn+8K5dry+20TJTclSNK6f4wvRzQRmCcLVUbV3VPB14L04e+VUVXjWIISKA QXmn2Ht78jBG7BPkyUnopEzNPuhmN2gP7dJ7g0ZlWIldx5scb1Ue68uy3EKDlCsIeg smR0jbg4MFJyOfOtFBlYnSHQAYD4jESx3YZHFY1pd2vgp8vmQ+P1eFtkwijoYon0ZU oe7oav+zYfnyIgum8+tBnBGEkzzBz3iPrJeaXUgQm4qcItPRczQwrRu+c+3UKq9dly b5X+8CTLvSqF07Pk+XN333biIycAjRGoj8K7ZemdCyP1+u3hdJvoWGjeCV1D13ugdh tnZY5nbQbyhmw==
Date: Wed, 06 Nov 2024 09:44:25 +0100
From: Claudio Allocchio <Claudio.Allocchio@garr.it>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
In-Reply-To: <DB9PR10MB571560CF874D70DDD7B608F5FE522@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
Message-ID: <a1865848-fd2a-9457-7e45-ef08720dc548@garr.it>
References: <172949493377.1906901.1334502700207332214@dt-datatracker-78dc5ccf94-w8wgc> <DB9PR10MB571560CF874D70DDD7B608F5FE522@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-ID-Hash: HPFEXLSK7PW2AKGEQ22GMY7SI34JELIT
X-Message-ID-Hash: HPFEXLSK7PW2AKGEQ22GMY7SI34JELIT
X-MailFrom: Claudio.Allocchio@garr.it
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Claudio Allocchio <Claudio.Allocchio@garr.it>, "art@ietf.org" <art@ietf.org>, "draft-ietf-lamps-rfc6712bis.all@ietf.org" <draft-ietf-lamps-rfc6712bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [art] Re: Artart last call review of draft-ietf-lamps-rfc6712bis-07
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/PrluZj5U14pBnXwGjGD0TvlNwkw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>

On Tue, 5 Nov 2024, Brockhaus, Hendrik wrote:

> Claudio
>
> Thank you for your review and your comments. I am sorry for responding 
> so late. The co-authors and I wanted to consolidate the feedback to the 
> different reviews.
>
> Please see my responses to your comments inline below.
> The latest version of the draft ready for submission and a diff to the latest version on datatracker are available on github:
> - https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.html
> - https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-lamps-rfc6712bis&url_2=https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.txt
>
> Please let me know if the proposed changes sufficiently address your 
> comments.

Hello Hendrik and all,

yes I think with the updates all my comments are addressed !

for me now it is "ready to go" :-)

all the best
>
> Hendrik
>
>> Von: Claudio Allocchio via Datatracker <noreply@ietf.org>
>> Gesendet: Montag, 21. Oktober 2024 08:16
>>
>> Reviewer: Claudio Allocchio
>> Review result: Almost Ready
>>
>> Good morning, I'm the assigned reviewer from the ARTART area.
>> This draft is almost ready but I have some suggestions before it is published.
>>
>> 1) as any document "updating" a series of previous RFCs, ensuring an easy and
>> crystal clear reading of it compared to the other documents being obsoleted or
>> updated is tricky. I generally suggest some further detailed wording, or a detailed
>> dedicated "updates and obsolets" section where it is clearly listed which sections of
>> the previous documents are affected: something like
>>
>> * RFCxxxx section x.y.z, <text> is obsoleted
>>
>> etc...
>
> [HB] Thank you for pointing this out. I changed the Abstract and Section 1.2 to improve this.
> Abstract
> OLD
>   It includes the updates on RFC 6712 specified in CMP Updates RFC 9480
>   Section 3 and obsoleted both documents. These updates introduce CMP
>   URIs using a Well-known prefix.
> NEW
>   It includes the updates to RFC 6712 specified in RFC 9480 Section 3. These
>   updates introduce CMP URIs using a Well-known prefix. It obsoletes RFC 6712
>   and together with I-D.ietf-lamps-rfc4210bis and it also obsoletes RFC 9480.
>
> Section 1.1
> OLD
>   CMP Updates [RFC9480] updated [RFC6712], supporting the PKI
>   management operations specified in the Lightweight CMP Profile
>   [RFC9483], in the following areas:
> NEW
>   CMP Updates [RFC9480] updated Section 3.6 of [RFC6712],
>   supporting the PKI management operations specified in the Lightweight
>   CMP Profile [RFC9483], in the following areas:
>
> Section 1.2
> OLD
>   This document obsoletes RFC 6712 [RFC6712]. It includes the changes
>   specified by CMP Updates [RFC9480] Section 3 as described in
>   Section 1.1 and added the requirement on providing the Content-Length
>   header field in Section 3.4.
> NEW
>   This document obsoletes [RFC6712]. It includes the changes specified in Section
>   3 of [RFC9480] as described in Section 1.1 of this document, removed the
>   requirement to support HTTP/1.0 [RFC1945] in accordance with Section 4.1 of
>   [RFC9205] and removed Section 3.8 of [RFC6712] as it contains information
>   redundant with current HTTP specification.
>
>>
>> 2) clarification about the use of the wide range of HTTP protocol options (section
>> 3.8). "SHOULD" is inappropriate normative here --> "should".
>> Furthermore, it may be more useful to create a list of suggested HTTP features to
>> use or mandatory HTTP features to use, so that all implementation try to stick with
>> it, instead of just suggesting not to use the not needed HTTP parts.
>
> [HB] Thank you for pointing this out. We dropped the complete Section 3.8.
>
>>
>> 3) section 3.6 examples: https instead of http ?
>
> [HB] We would prefer keeping "http". The TLS layer is an optional addition, if needed, because
> - CMP does not necessarily require transport layer protection if data-origin authentication using MAC-based or signature-based message protection is applied.
> - There are cases where an entity initially has no certificate and no trust anchor. In these cases, it would even be unable to perform TLS server authentication.
> See also Section 5 Topic 5.
>
> Anyhow, we added the following note to the end of Section 3.6:
> NEW
>   Note that https can also be used instead of http, see item 5 in the Security
>   Considerations (Section 5).
>
>>
>> 4) section 4: shall we suggest also "what to do" (a coherent behaviour) when we hit
>> implementations with an old non standard approach in transferring CMP over
>> HTTP?
>
> [HB] We updated Section 4 as follows:
> OLD
>   Implementors should be aware that implementations might exist that
>   use a different approach for transferring CMP over HTTP, because
>   RFC 6712 [RFC6712] has been under development for more than a
>   decade. Further, implementations based on earlier drafts of RFC 6712
>   [RFC6712] might use an unregistered "application/pkixcmp-poll" MIME
>   type.
> NEW
>   Implementers should be aware that other implementations might exist that use
>   a different approach for transferring CMP over HTTP. Further, implementations
>   based on earlier I-Ds the led to [RFC6712] might use an unregistered
>   "application/pkixcmp-poll" Media Type. Conforming implementations MAY
>   handle this type like "application/pkixcmp".
>
>>
>> all the rest is ok for me.
>>
>> all the best
>> Claudio
>>
>>
>
>

------------------------------------------------------------------------------
Claudio Allocchio             G   A   R   R          Claudio.Allocchio@garr.it
                        Senior Manager and Advisor
tel: +39 040 3758523      Italian Academic and       G=Claudio; S=Allocchio;
fax: +39 040 3758565        Research Network         P=garr; A=garr; C=it;

      PGP Key: https://www.cert.garr.it/servizi/informazioni-su-pgp-keys