Re: [auth48] [AD] AUTH48: RFC-to-be 9399 <draft-ietf-lamps-rfc3709bis-10> for your review

Stefan Santesson <stefan@aaa-sec.com> Fri, 28 April 2023 16:19 UTC

To: Alanna Paloma <apaloma@amsl.com>, Russ Housley <housley@vigilsec.com>
Cc: RFC Editor <rfc-editor@rfc-editor.org>, "Roman D. Danyliw" <rdd@cert.org>, Stefan Santesson <sts@aaa-sec.com>, Trevor Freeman <frtrevor@amazon.com>, Leonard Rosenthol <lrosenth@adobe.com>, lamps-ads@ietf.org, LAMPS Chairs <lamps-chairs@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, auth48archive@rfc-editor.org, Carsten Bormann <cabo@tzi.org>
From: Stefan Santesson <stefan@aaa-sec.com>
Organization: 3xA Security AB
In-Reply-To: <B84822AE-8382-4A5F-87C7-379F8202E3A6@amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/TW-mZIDgmU7vLfKathNcMAuOaNI>

Alanna

I approve publication

/Stefan Santesson

On 2023-04-27 18:20, Alanna Paloma wrote:
> Hi Russ,
>
> Thank you for your reply. We have noted your approval on the AUTH48 page:
> https://www.rfc-editor.org/auth48/rfc9399
>
> Once we receive approvals from Roman, Stefan, and Trevor, we will move this document forward in the publication process.
>
> Best regards,
> RFC Editor/ap
>
>> On Apr 26, 2023, at 10:33 AM, Russ Housley <housley@vigilsec.com> wrote:
>>
>> Alanna:
>>
>> Please proceed with publication.
>>
>> Russ
>>
>>> On Apr 26, 2023, at 12:09 PM, Alanna Paloma <apaloma@amsl.com> wrote:
>>>
>>> Hi Russ and *Roman,
>>>
>>> *Roman (AD) - In addition, please review and approve of the added text in Appendix C, along with the updates in Sections 4.1 and 4.3 and Appendices A.2, B.3, and B.4 and the removal of RFC 6838 as a normative reference in the diff file below:
>>> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html
>>>
>>> Russ - Thank you for your reply. We have added this item to the list in Appendix C.
>>>
>>> The files have been posted here (please refresh):
>>> https://www.rfc-editor.org/authors/rfc9399.xml
>>> https://www.rfc-editor.org/authors/rfc9399.txt
>>> https://www.rfc-editor.org/authors/rfc9399.html
>>> https://www.rfc-editor.org/authors/rfc9399.pdf
>>>
>>> The relevant diff files have been posted here:
>>> https://www.rfc-editor.org/authors/rfc9399-diff.html (comprehensive diff)
>>> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html (AUTH48 changes)
>>> https://www.rfc-editor.org/authors/rfc9399-lastdiff.html (last version to this one)
>>>
>>> For the AUTH48 status of this document, please see:
>>> https://www.rfc-editor.org/auth48/rfc9399
>>>
>>> Thank you,
>>> RFC Editor/ap
>>>
>>>> On Apr 25, 2023, at 12:42 PM, Russ Housley <housley@vigilsec.com> wrote:
>>>>
>>>> Thanks for making this change.  I think this needs to be added to the list of things that have been changed in Appendix C.
>>>>
>>>> I suggest:
>>>>
>>>> OLD:
>>>>
>>>> *  Require support for the HTTP scheme (http://...) URI and the HTTPS
>>>>     scheme (https://...) URI.
>>>>
>>>> *  Require support for the compressed SVG image format with the
>>>>     image/svg+xml+gzip media type.
>>>>
>>>> NEW:
>>>>
>>>> *  Require support for the HTTP scheme (http://...) URI and the HTTPS
>>>>     scheme (https://...) URI.
>>>>
>>>> *  Provide syntax of the "data" URI scheme using modern ABNF.
>>>>
>>>> *  Require support for the compressed SVG image format with the
>>>>     image/svg+xml+gzip media type.
>>>>
>>>> Thanks,
>>>> Russ
>>>>
>>>>
>>>>> On Apr 25, 2023, at 12:17 PM, Alanna Paloma <apaloma@amsl.com> wrote:
>>>>>
>>>>> Hi Russ and *Roman,
>>>>>
>>>>> *Roman (AD) - Please review and approve of the updates in Sections 4.1 and 4.3 and Appendices A.2, B.3, and B.4, as well as the removal of RFC 6838 as a normative reference in the diff file below:
>>>>> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html
>>>>>
>>>>> We have updated the files accordingly. Once we have received approvals from Stefan, Trevor, and *Roman, we will move this document forward in the publication process.
>>>>>
>>>>> The files have been posted here (please refresh):
>>>>> https://www.rfc-editor.org/authors/rfc9399.xml
>>>>> https://www.rfc-editor.org/authors/rfc9399.txt
>>>>> https://www.rfc-editor.org/authors/rfc9399.html
>>>>> https://www.rfc-editor.org/authors/rfc9399.pdf
>>>>>
>>>>> The relevant diff files have been posted here:
>>>>> https://www.rfc-editor.org/authors/rfc9399-diff.html (comprehensive diff)
>>>>> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html (AUTH48 changes)
>>>>> https://www.rfc-editor.org/authors/rfc9399-lastdiff.html (last version to this one)
>>>>>
>>>>> For the AUTH48 status of this document, please see:
>>>>> https://www.rfc-editor.org/auth48/rfc9399
>>>>>
>>>>> Thank you,
>>>>> RFC Editor/ap
>>>>>
>>>>>> On Apr 24, 2023, at 3:02 PM, Russ Housley <housley@vigilsec.com> wrote:
>>>>>>
>>>>>> I have chased this down, including Errata ID 2045.  The following addresses the concern that was raised about the ABNF.  The NEW ABNF compiles properly using BAP (after you chase down all of the dependencies).
>>>>>>
>>>>>> OLD:
>>>>>>
>>>>>> If the logotype image is provided through direct addressing, then the
>>>>>> image MAY be stored within the logotype certificate extension using
>>>>>> the "data" scheme [RFC2397].  The syntax of the "data" URI scheme
>>>>>> defined is included here for convenience:
>>>>>>
>>>>>>   dataurl    := "data:" [ mediatype ] [ ";base64" ] "," data
>>>>>>   mediatype  := [ type "/" subtype ] *( ";" parameter )
>>>>>>   data       := *urlchar
>>>>>>   parameter  := attribute "=" value
>>>>>>
>>>>>> NEW:
>>>>>>
>>>>>> If the logotype image is provided through direct addressing, then the
>>>>>> image MAY be stored within the logotype certificate extension using
>>>>>> the "data" scheme [RFC2397].  The syntax of the "data" URI scheme is
>>>>>> shown below, which incorporates Errata ID 2045 and uses modern ABNF
>>>>>> [RFC5234]:
>>>>>>
>>>>>>   dataurl    = "data:" [ media-type ] [ ";base64" ] "," data
>>>>>>   data       = *(reserved / unreserved / escaped)
>>>>>>   reserved   = ";" / "/" / "?" / ":" / "@" / "&" / "=" / "+" /
>>>>>>                "$" / ","
>>>>>>   unreserved = alphanum / mark
>>>>>>   alphanum   = ALPHA / DIGIT
>>>>>>   mark       = "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
>>>>>>   escaped    = "%" hex hex
>>>>>>   hex        = HEXDIG / "a" / "b" / "c" / "d" / "e" / "f"
>>>>>>
>>>>>> Where media-type is defined in Section 8.3.1 of [RFC9110]; and
>>>>>> ALPHA, DIGIT, and HEXDIG are defined in Appendix B.1 of [RFC5234].
>>>>>>
>>>>>> Russ
>>>>>>
>>>>>>
>>>>>>> On Apr 23, 2023, at 5:30 PM, Carsten Bormann <cabo@tzi.org> wrote:
>>>>>>>
>>>>>>> On 23. Apr 2023, at 22:35, Russ Housley <housley@vigilsec.com> wrote:
>>>>>>>> I think you are pointing out that the optional whitespace is not allowed in the [RFC2397] ABNF.  If you are saying more than that, I am missing it.
>>>>>>> Ah.  I was talking about a different form of BNF notation being used, not about a different grammar expressed in ABNF notation.
>>>>>>>
>>>>>>> The 989/1049/1341 BNF is using “:=”, where standard (822/2396/2234/5234) ABNF uses “=”.
>>>>>>> This alone should cause the tools to error out, which they did as Alanna mentioned.
>>>>>>> (The deviant BNF and ABNF otherwise look very similar, but I haven’t even looked for any other gratuitous changes, so I don’t know if there are any more.)
>>>>>>>
>>>>>>> Grüße, Carsten
>>>>>>>
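As an added example (not part of this thread, RFC 9399 or RFC 2397), a strict Python parser for the NEW "data" URL grammar quoted in Russ's message: the data part accepts only the reserved/unreserved/escaped characters the ABNF lists, the media-type follows RFC 9110 (so optional whitespace around ";" is allowed there but not in the data part), and the payload is percent- or base64-decoded under a size cap before being handed to an image decoder. The sample URLs and the size limit are constructed assumptions.

```python
"""Strict parser for the "data" URL grammar as given in the NEW ABNF (RFC 2397 + Errata 2045)."""
from __future__ import annotations

import base64
import re
from urllib.parse import unquote_to_bytes

# data = *(reserved / unreserved / escaped); whitespace is not allowed anywhere in it.
_DATA_RE = re.compile(r"^(?:[A-Za-z0-9;/?:@&=+$,_.!~*'()\-]|%[0-9A-Fa-f]{2})*$")
# RFC 9110 token characters, used for type, subtype, parameter names and plain values.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
# media-type = type "/" subtype parameters, where parameters permit OWS around ";".
_MEDIA_TYPE_RE = re.compile(
    rf"^({_TOKEN})/({_TOKEN})((?:[ \t]*;[ \t]*{_TOKEN}=(?:{_TOKEN}|{_QUOTED}))*)$"
)


def parse_data_url(url: str, max_bytes: int = 65536) -> tuple[str | None, bool, bytes]:
    """Return (media_type, is_base64, payload); raise ValueError on any deviation."""
    if not url.startswith("data:"):
        raise ValueError("scheme is not data:")
    head, sep, data = url[5:].partition(",")
    if not sep:
        raise ValueError("missing ',' separator")
    if not _DATA_RE.match(data):
        raise ValueError("data contains characters outside reserved/unreserved/escaped")
    is_base64 = head.endswith(";base64")
    if is_base64:
        head = head[: -len(";base64")]
    media_type = None
    if head:
        # The optional element is the whole RFC 9110 media-type, so a parameter-only
        # prefix such as ";charset=utf-8" (which RFC 2397's own grammar allowed) is rejected.
        if not _MEDIA_TYPE_RE.match(head):
            raise ValueError(f"malformed media-type: {head!r}")
        media_type = head
    raw = unquote_to_bytes(data)  # undo escaped = "%" hex hex
    # validate=True rejects non-alphabet bytes; binascii.Error is a ValueError subclass.
    payload = base64.b64decode(raw, validate=True) if is_base64 else raw
    if len(payload) > max_bytes:
        raise ValueError("payload exceeds size limit")
    return media_type, is_base64, payload


# Constructed sample: a minimal SVG logotype image embedded by direct addressing.
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"/>'
SAMPLE_URL = "data:image/svg+xml;base64," + base64.b64encode(SAMPLE_SVG).decode()

if __name__ == "__main__":
    print(parse_data_url(SAMPLE_URL))
```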