Re: [auth48] [AD] AUTH48: RFC-to-be 9399 <draft-ietf-lamps-rfc3709bis-10> for your review

Roman Danyliw <rdd@cert.org> Fri, 28 April 2023 18:35 UTC

From: Roman Danyliw <rdd@cert.org>
To: Alanna Paloma <apaloma@amsl.com>, Russ Housley <housley@vigilsec.com>
CC: RFC Editor <rfc-editor@rfc-editor.org>, Stefan Santesson <sts@aaa-sec.com>, Trevor Freeman <frtrevor@amazon.com>, Leonard Rosenthol <lrosenth@adobe.com>, "lamps-ads@ietf.org" <lamps-ads@ietf.org>, LAMPS Chairs <lamps-chairs@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>, Carsten Bormann <cabo@tzi.org>
Date: Fri, 28 Apr 2023 18:35:42 +0000
Message-ID: <BN2P110MB1107931A2A88712CFA848322DC6B9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <E205A72C-8BDE-4501-8BBA-D3185DADBAA9@amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/g1rth2V7Hib2rCd1x6QIx_6d51o>

Good afternoon Alanna!

This looks good to me to proceed.

Thanks,
Roman

> -----Original Message-----
> From: Alanna Paloma <apaloma@amsl.com>
> Sent: Wednesday, April 26, 2023 12:10 PM
> To: Russ Housley <housley@vigilsec.com>; Roman Danyliw <rdd@cert.org>
> Cc: RFC Editor <rfc-editor@rfc-editor.org>; Stefan Santesson <sts@aaa-sec.com>; Trevor Freeman <frtrevor@amazon.com>; Leonard Rosenthol <lrosenth@adobe.com>; lamps-ads@ietf.org; LAMPS Chairs <lamps-chairs@ietf.org>; Tim Hollebeek <tim.hollebeek@digicert.com>; auth48archive@rfc-editor.org; Carsten Bormann <cabo@tzi.org>
> Subject: Re: [AD] [auth48] AUTH48: RFC-to-be 9399 <draft-ietf-lamps-rfc3709bis-10> for your review
> 
> Hi Russ and *Roman,
> 
> *Roman (AD) - In addition, please review and approve of the added text in
> Appendix C, along with the updates in Sections 4.1 and 4.3 and Appendices A.2,
> B.3, and B.4 and the removal of RFC 6838 as a normative reference in the diff
> file below:
> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html
> 
> Russ - Thank you for your reply. We have added this item to the list in Appendix
> C.
> 
> The files have been posted here (please refresh):
> https://www.rfc-editor.org/authors/rfc9399.xml
> https://www.rfc-editor.org/authors/rfc9399.txt
> https://www.rfc-editor.org/authors/rfc9399.html
> https://www.rfc-editor.org/authors/rfc9399.pdf
> 
> The relevant diff files have been posted here:
> https://www.rfc-editor.org/authors/rfc9399-diff.html (comprehensive diff)
> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html (AUTH48 changes)
> https://www.rfc-editor.org/authors/rfc9399-lastdiff.html (last version to this one)
> 
> For the AUTH48 status of this document, please see:
> https://www.rfc-editor.org/auth48/rfc9399
> 
> Thank you,
> RFC Editor/ap
> 
> > On Apr 25, 2023, at 12:42 PM, Russ Housley <housley@vigilsec.com> wrote:
> >
> > Thanks for making this change.  I think this needs to be added to the list of
> > things that have been changed in Appendix C.
> >
> > I suggest:
> >
> > OLD:
> >
> >   *  Require support for the HTTP scheme (http://...) URI and the HTTPS
> >      scheme (https://...) URI.
> >
> >   *  Require support for the compressed SVG image format with the
> >      image/svg+xml+gzip media type.
> >
> > NEW:
> >
> >   *  Require support for the HTTP scheme (http://...) URI and the HTTPS
> >      scheme (https://...) URI.
> >
> >   *  Provide syntax of the "data" URI scheme using modern ABNF.
> >
> >   *  Require support for the compressed SVG image format with the
> >      image/svg+xml+gzip media type.
> >
> > Thanks,
> >  Russ
> >
> >
> >> On Apr 25, 2023, at 12:17 PM, Alanna Paloma <apaloma@amsl.com> wrote:
> >>
> >> Hi Russ and *Roman,
> >>
> >> *Roman (AD) - Please review and approve of the updates in Sections 4.1 and
> >> 4.3 and Appendices A.2, B.3, and B.4, as well as the removal of RFC 6838 as a
> >> normative reference in the diff file below:
> >> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html
> >>
> >> We have updated the files accordingly. Once we have received approvals
> >> from Stefan, Trevor, and *Roman, we will move this document forward in the
> >> publication process.
> >>
> >> The files have been posted here (please refresh):
> >> https://www.rfc-editor.org/authors/rfc9399.xml
> >> https://www.rfc-editor.org/authors/rfc9399.txt
> >> https://www.rfc-editor.org/authors/rfc9399.html
> >> https://www.rfc-editor.org/authors/rfc9399.pdf
> >>
> >> The relevant diff files have been posted here:
> >> https://www.rfc-editor.org/authors/rfc9399-diff.html (comprehensive diff)
> >> https://www.rfc-editor.org/authors/rfc9399-auth48diff.html (AUTH48 changes)
> >> https://www.rfc-editor.org/authors/rfc9399-lastdiff.html (last version to this one)
> >>
> >> For the AUTH48 status of this document, please see:
> >> https://www.rfc-editor.org/auth48/rfc9399
> >>
> >> Thank you,
> >> RFC Editor/ap
> >>
> >>> On Apr 24, 2023, at 3:02 PM, Russ Housley <housley@vigilsec.com> wrote:
> >>>
> >>> I have chased this down, including Errata ID 2045.  The following addresses
> >>> the concern that was raised about the ABNF.  The NEW ABNF compiles properly
> >>> using BAP (after you chase down all of the dependencies).
> >>>
> >>> OLD:
> >>>
> >>> If the logotype image is provided through direct addressing, then
> >>> the image MAY be stored within the logotype certificate extension
> >>> using the "data" scheme [RFC2397].  The syntax of the "data" URI
> >>> scheme defined is included here for convenience:
> >>>
> >>>    dataurl    := "data:" [ mediatype ] [ ";base64" ] "," data
> >>>    mediatype  := [ type "/" subtype ] *( ";" parameter )
> >>>    data       := *urlchar
> >>>    parameter  := attribute "=" value
> >>>
> >>> NEW:
> >>>
> >>> If the logotype image is provided through direct addressing, then
> >>> the image MAY be stored within the logotype certificate extension
> >>> using the "data" scheme [RFC2397].  The syntax of the "data" URI
> >>> scheme is shown below, which incorporates Errata ID 2045 and uses
> >>> modern ABNF [RFC5234]:
> >>>
> >>>    dataurl    = "data:" [ media-type ] [ ";base64" ] "," data
> >>>    data       = *(reserved / unreserved / escaped)
> >>>    reserved   = ";" / "/" / "?" / ":" / "@" / "&" / "=" / "+" /
> >>>                 "$" / ","
> >>>    unreserved = alphanum / mark
> >>>    alphanum   = ALPHA / DIGIT
> >>>    mark       = "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
> >>>    escaped    = "%" hex hex
> >>>    hex        = HEXDIG / "a" / "b" / "c" / "d" / "e" / "f"
> >>>
> >>> Where media-type is defined in Section 8.3.1 of [RFC9110]; and
> >>> ALPHA, DIGIT, and HEXDIG are defined in Appendix B.1 of [RFC5234].
> >>>
> >>> Russ
> >>>
> >>>
> >>>> On Apr 23, 2023, at 5:30 PM, Carsten Bormann <cabo@tzi.org> wrote:
> >>>>
> >>>> On 23. Apr 2023, at 22:35, Russ Housley <housley@vigilsec.com> wrote:
> >>>>>
> >>>>> I think you are pointing out that the optional whitespace is not allowed
> >>>>> in the [RFC2397] ABNF.  If you are saying more than that, I am missing it.
> >>>>
> >>>> Ah.  I was talking about a different form of BNF notation being used, not
> >>>> about a different grammar expressed in ABNF notation.
> >>>>
> >>>> The 989/1049/1341 BNF is using “:=”, where standard
> >>>> (822/2396/2234/5234) ABNF uses “=”.
> >>>> This alone should cause the tools to error out, which they did as Alanna
> >>>> mentioned.
> >>>> (The deviant BNF and ABNF otherwise look very similar, but I
> >>>> haven’t even looked for any other gratuitous changes, so I don’t
> >>>> know if there are any more.)
> >>>>
> >>>> Grüße, Carsten
> >>>>
> >>>
> >>
> >
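As an added example that is not part of this thread or of RFC 9399: a strict Python parser for the "data" URI written from the NEW ABNF in Russ's message above, so that the character restrictions on the data part (no whitespace, no raw non-ASCII, well-formed %-escapes) become concrete checks a logotype verifier can apply. The media-type check is a deliberate simplification (token "/" token with token-valued parameters) rather than the full RFC 9110 Section 8.3.1 grammar, and the text/plain default comes from RFC 2397.

```python
import base64
import re
from urllib.parse import unquote_to_bytes
# Character classes transcribed from the NEW ABNF quoted in Russ's message:
#   data = *(reserved / unreserved / escaped), escaped = "%" hex hex,
#   reserved = ";/?:@&=+$,", unreserved = ALPHA / DIGIT / "-_.!~*'()"
_DATA_RE = re.compile(r"(?:[A-Za-z0-9;/?:@&=+$,_.!~*'()\-]|%[0-9A-Fa-f]{2})*")
# Simplified media-type check (an assumption, not the full RFC 9110 Section 8.3.1 grammar):
# token "/" token *(";" token "=" token); tchar per RFC 9110 Section 5.6.2, token-only values.
_TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
_MEDIA_TYPE_RE = re.compile(rf"{_TCHAR}+/{_TCHAR}+(?:;{_TCHAR}+={_TCHAR}+)*")
_DEFAULT_MEDIA_TYPE = "text/plain;charset=US-ASCII"  # RFC 2397 default when omitted


def parse_data_url(url: str) -> tuple[str, bool, bytes]:
    """Return (media_type, is_base64, payload); ValueError on anything off-grammar."""
    if len(url) < 5 or url[:5].lower() != "data:":
        raise ValueError("not a data URL")
    # dataurl = "data:" [ media-type ] [ ";base64" ] "," data
    head, sep, data = url[5:].partition(",")
    if not sep:
        raise ValueError('missing "," separator')
    if _DATA_RE.fullmatch(data) is None:  # rejects whitespace, raw non-ASCII, bad %XX
        raise ValueError("data has characters outside reserved/unreserved/escaped")
    is_base64 = head.lower().endswith(";base64")
    if is_base64:
        head = head[: -len(";base64")]
    if head == "":
        media_type = _DEFAULT_MEDIA_TYPE
    elif _MEDIA_TYPE_RE.fullmatch(head):
        media_type = head
    else:
        raise ValueError(f"malformed media-type: {head!r}")
    payload = unquote_to_bytes(data)  # resolve %XX escapes first
    if is_base64:
        try:  # strict decode: non-alphabet bytes or bad padding are errors
            payload = base64.b64decode(payload, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("invalid base64 payload") from exc
    return media_type, is_base64, payload


def is_valid_data_url(url: str) -> bool:
    """True when url parses under the strict grammar above."""
    try:
        parse_data_url(url)
    except ValueError:
        return False
    return True
```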