Re: [auth48] AUTH48: RFC-to-be 9325 <draft-ietf-uta-rfc7525bis-11> for your review

Thomas Fossati <Thomas.Fossati@arm.com> Sun, 20 November 2022 16:08 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Peter Saint-Andre <stpeter@stpeter.im>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>
CC: "uta-ads@ietf.org" <uta-ads@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, "leifj@sunet.se" <leifj@sunet.se>, "francesca.palombini@ericsson.com" <francesca.palombini@ericsson.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Thread-Topic: AUTH48: RFC-to-be 9325 <draft-ietf-uta-rfc7525bis-11> for your review
Date: Sun, 20 Nov 2022 16:08:04 +0000
Message-ID: <DB9PR08MB6524B3C53D9AB6714E07A0DC9C0B9@DB9PR08MB6524.eurprd08.prod.outlook.com>
References: <20221118195334.3D06C55F7E@rfcpa.amsl.com> <DB9PR08MB65242DE7542344E28F46B2559C099@DB9PR08MB6524.eurprd08.prod.outlook.com> <a57597a6-e092-4c32-6ceb-4e26ae0cfca1@stpeter.im> <e437882f-58c8-b3bd-58f2-1fed3d4c7ad4@stpeter.im> <DB9PR08MB65242A0D40CD7B15C67A59F09C089@DB9PR08MB6524.eurprd08.prod.outlook.com> <CED132CB-7304-47AB-B925-D032FF260BAC@gmail.com>
In-Reply-To: <CED132CB-7304-47AB-B925-D032FF260BAC@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/99tBb4uo5nrQ6utJ8GeFb2LIvxA>
Subject: Re: [auth48] AUTH48: RFC-to-be 9325 <draft-ietf-uta-rfc7525bis-11> for your review

Hi all,

After a full read, some further (very minor) comments.
Feel free to disregard the one marked as "missing comma"; that's how I'd do it in Italian.

(BTW, I agree with Yaron’s previous batch.)

Cheers, t

---

(decrease word count)

OLD
was published when the industry was in the midst of its transition to TLS 1.2.

NEW
was published when the industry was amid its transition to TLS 1.2.

---

(missing comma)

OLD
Years later, this transition is largely complete and TLS 1.3 is widely available

NEW
Years later, this transition is largely complete, and TLS 1.3 is widely available

---

(avoiding repeating "particular")

OLD
based on their particular circumstances (e.g., for use with a particular application protocol);

NEW
based on their particular circumstances (e.g., for use with a specific application protocol);

---

(decrease word count)

OLD
Certificate chains often take up the majority of the bytes transmitted during the handshake.

NEW
Certificate chains often take up most of the bytes transmitted during the handshake.

---

(harmonise bullet-lists style)
(unless there is a stringent reason for making this an exception?)

OLD
* limit the number of names or extensions;
* use keys with small public key representations, like the Elliptic Curve Digital Signature Algorithm (ECDSA); and
* use certificate compression.

NEW
* Limit the number of names or extensions.
* Use keys with small public key representations, like the Elliptic Curve Digital Signature Algorithm (ECDSA).
* Use certificate compression.

---

(decrease word count)

OLD
shared secrets for all of its AEAD cipher suites

NEW
shared secrets for all its AEAD cipher suites

---

(harmonise RFC-quoting style in §3.8 with §3.7)

OLD
"In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal 'no_application_protocol' alert."

NEW
| In the event that the server supports no protocols that the client
| advertises, then the server SHALL respond with a fatal
| 'no_application_protocol' alert.

---