Re: [Cbor] Secdir last call review of draft-ietf-cbor-date-tag-05

Mike Jones <Michael.Jones@microsoft.com> Wed, 26 August 2020 22:33 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Kyle Rose <krose@krose.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-cbor-date-tag.all@ietf.org" <draft-ietf-cbor-date-tag.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "cbor@ietf.org" <cbor@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-cbor-date-tag-05
Thread-Index: AdZx1BxyoBjm9wtuR3uPvOkylOb0YQKJJuNA
Date: Wed, 26 Aug 2020 22:33:41 +0000
Message-ID: <CH2PR00MB067816A0AD84C4DFEA0D8B06F5541@CH2PR00MB0678.namprd00.prod.outlook.com>
References: <MN2PR00MB06860E2D4F9B897F47CB76C5F5401@MN2PR00MB0686.namprd00.prod.outlook.com>
In-Reply-To: <MN2PR00MB06860E2D4F9B897F47CB76C5F5401@MN2PR00MB0686.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-08-14T00:28:56Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=5ae9dac8-a305-4f45-8149-fa8770de83f5; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: krose.org; dkim=none (message not signed) header.d=none;krose.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.86.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 70253109-12f4-4b27-665b-08d84a1015a0
x-ms-traffictypediagnostic: CH2PR00MB0711:
x-microsoft-antispam-prvs: <CH2PR00MB0711DC98441F14FF295CF937F5541@CH2PR00MB0711.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6GdMAxVwpLtJW4Zf3fe053sC9OpQwRHpPPWKegIi3oaXSghTGU34/I6dmUK7eQGlfKaoTp+3UrgCmwGJF04xNXbARnqVrgii6A8JTcvzHbZ2HCW95jvdknfMQYw9i/ot6iq/WczLo5W4CijP5SkIcXQBCgThD1vfeX8zD4x38UNbghaSVR3/kZlkF7Neij/oQnT1XfmYQ//dxCzLBU8Mb24FmnP3MaeNkRoDY3ITX56UouF+DetgtZGEmOw+PS5QBX0nQz9XNQ8K4YXm57WqRVHeOvfXctubabvd0v9JJS1gPn7bFTq+aZuzl0XRV3cLQN28sUDCIU1764sQqZ1xZJ+4sP2BzAwtgHPIy5umJAqeRjQ4rDh/VaCEJPoBTNDApBMlUgggnlNGtZPfa/pKEA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR00MB0678.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(376002)(136003)(366004)(346002)(33656002)(66946007)(66556008)(66446008)(66476007)(64756008)(52536014)(86362001)(71200400001)(966005)(4326008)(7696005)(478600001)(53546011)(83080400001)(55016002)(82950400001)(5660300002)(82960400001)(6506007)(83380400001)(316002)(166002)(8990500004)(26005)(186003)(9326002)(54906003)(2906002)(9686003)(8676002)(76116006)(110136005)(8936002)(10290500003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: US5Wd1nt1GBbkgQ5tc0Bk3YvfkqD2dctv/4E9dLbZyfJUGIb/51BluZNDWkHejQIW8/EYiAlcKWD2b1bFuPj2ioHGyMSkuxdF7KI+4jVLPhW9IcDhk6lgwI/aUGN7cTJpmLtthFgIWNutOSI07eaEKHwwrArkl68Mvi1InvN42cOYiSXl8ZG+7fuZ/YKU99qqmOWnJeoeCjHeFiyGgRkHvWQVKUT/LhqRaRSJGuQTjW/2vOkCfe7blsvOxP1mO2oJOpQwEa4ZvXD+6Q6KS8YQvm1RBIJLiunqAfFXE6NVKFeY7H573hnTNRu4gEKMFTe9PqMiVaqYuFahkx02cW7HxVQKkyw/mOVH8eFytBsqbY5odyj2yhEXDhEhcHStHxVxsryLYHQalmupTt9VcOZ7wP7dP1PFzDteoesPhuh05YJtWLAOVLbZVMbT6kAO3vz6zF/BCKIL7kUki6JqlgYmv6wMn8fO2kLfINMA/mo08t+mMA+7CUx8Y7g+jhO5fTDrxqaR+cY0RKLL8j4lASarbxDzDNyfY6UEmKEa7ZATDv8VP8sd0uqWIFA0Hu/jvZ6KAKVWeRl5v+FR2isvcrSQOt/SRgg5TKTbyB3DnVGvI82Z5EprQNqR9GO5VQQaKcJwXgJYvY+3vSv1gVaKKurjQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CH2PR00MB067816A0AD84C4DFEA0D8B06F5541CH2PR00MB0678namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR00MB0678.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 70253109-12f4-4b27-665b-08d84a1015a0
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Aug 2020 22:33:41.4247 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IGvMxMB8G8xNngRso5rotAiDGusC+ShPgNkbTclsq5+4aH/w8JXk8xIk1QCZlLBDjbjAaWnhASw2kSsShxfDUg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR00MB0711
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/duI6bNrmAyRKNIxE7kivpDsrYc8>
Subject: Re: [Cbor] Secdir last call review of draft-ietf-cbor-date-tag-05
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 22:33:49 -0000

Hi Kyle,

https://tools.ietf.org/html/draft-ietf-cbor-date-tag-06 adds the certificate expiration example that you suggested.  Thanks again for taking the time to review the draft!

                                                       -- Mike

From: Mike Jones
Sent: Thursday, August 13, 2020 5:45 PM
To: 'Kyle Rose' <krose@krose.org>; secdir@ietf.org
Cc: draft-ietf-cbor-date-tag.all@ietf.org; last-call@ietf.org; cbor@ietf.org
Subject: RE: Secdir last call review of draft-ietf-cbor-date-tag-05

Thanks for your thoughtful review, Kyle.  My replies to your comments are inline...

-----Original Message-----
From: Kyle Rose via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>>
Sent: Monday, August 10, 2020 11:48 AM
To: secdir@ietf.org<mailto:secdir@ietf.org>
Cc: draft-ietf-cbor-date-tag.all@ietf.org<mailto:draft-ietf-cbor-date-tag.all@ietf.org>; last-call@ietf.org<mailto:last-call@ietf.org>; cbor@ietf.org<mailto:cbor@ietf.org>
Subject: Secdir last call review of draft-ietf-cbor-date-tag-05

Reviewer: Kyle Rose

Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.

Document editors and WG chairs should treat these comments just like any other last call comments.

This document is ready with nits. I see no issues of interest to the security directorate.

I do have three comments, however:

* In the security considerations section, a better example might be the potential inappropriateness of using an imprecise mechanism for specifying certificate expiration.

I'll plan to add this example when addressing other last call comments.

* It's not clear how this is intended to work for dates prior to the start of the Gregorian calendar in 1582. What do negative integer values mean when they imply a date before 15-Oct-1582? Is the Gregorian calendar defined for all time? In a brief investigation, I've been unable to find the answer to this.

See the section in the Introduction on the relationship to the Modified Julian Date value and then see https://core2.gsfc.nasa.gov/time/ for the relationship of the Modified Julian Date to the Julian Date, a timescale defined by the Smithsonian Astronomical Observatory beginning at noon 1 January 4713 B.C.  That seems to go far back enough for most practical purposes.

Interestingly, according to https://en.wikipedia.org/wiki/Julian_day:

“The Modified Julian Date (MJD) was introduced by the Smithsonian Astrophysical Observatory in 1957 to record the orbit of Sputnik via an IBM 704 (36-bit machine) and using only 18 bits until August 7, 2576. MJD is the epoch of VAX/VMS and its successor OpenVMS, using 63-bit date/time, which allows times to be stored up to July 31, 31086, 02:48:05.47.[18] The MJD has a starting point of midnight on November 17, 1858 and is computed by MJD = JD - 2400000.5.”

* In a very gross sense, this specification *is* actually tied to the prevailing timescale, leap seconds and all: if the whole world were to transition from UTC to TAI and stop adding leap seconds, presumably implementations would continue to generate dates for this specification by truncating the local timestamp to the date, which would cause it to drift along with TAI away from UTC over time. There wouldn't be a huge practical effect here given how little they are expected to diverge over the foreseeable future, but it would mean that dates encoded in this format today would not carry enough information to precisely indicate a date in the far future even if the target timescale were understood throughout since the source timescale isn't part of the encoding.

If it’s good enough for the Smithsonian Astronomical Observatory (albeit, utilizing a defined integer offset), it’s good enough for me. ;-)  Timekeeping is ultimately a human cultural endeavor and it’s beyond the scope of this specification to probe its many variations and foibles.  The essence of dates is that each time the world goes round, these values increment.  That said, if you have specific text you’d like to see added, I’m open to it.

                                                       Best wishes,

                                                       -- Mike

P.S.  I never expected that writing this very simple specification would result in such interesting discussions about timekeeping!

[Cbor] Secdir last call review of draft-ietf-cbor… Kyle Rose via Datatracker
Re: [Cbor] Secdir last call review of draft-ietf-… Mike Jones
Re: [Cbor] Secdir last call review of draft-ietf-… Mike Jones