Re: [COSE] Martin Duke's No Objection on draft-ietf-cose-x509-07: (with COMMENT)
Ivaylo Petrov <ivaylo@ackl.io> Sun, 11 October 2020 16:29 UTC
Return-Path: <ivaylo@ackl.io>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B01A33A0EC2 for <cose@ietfa.amsl.com>; Sun, 11 Oct 2020 09:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ackl-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wEM8_p1xQIju for <cose@ietfa.amsl.com>; Sun, 11 Oct 2020 09:29:33 -0700 (PDT)
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB9363A0EC1 for <cose@ietf.org>; Sun, 11 Oct 2020 09:29:32 -0700 (PDT)
Received: by mail-wm1-x334.google.com with SMTP id d3so14977670wma.4 for <cose@ietf.org>; Sun, 11 Oct 2020 09:29:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ackl-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=becUmC5xAMI8yQy4JAFjHPw1bv0InOo9J8Hsf6suAX0=; b=CkXQplwGJlhivoBvr9qbwr68JUrfOMuZVXO4VxrwHGrth9OX/0hn4MKUKcB4IQlnLZ TEF2ytZWxHW29ukAdmsx6ahcJzzOw0Rt0CSwZpsNuK7yrS9l357JYvFqdenkbAWINgLU iG506gKl4UQ+h7PpqNpMW6tkrzzKYpt4s21UMM3F4HOYKfPmiYuSnyyIMGd1tfKznXeE FfuqMOZZwHLoGwCVLQRe9ees3PNPG0XWGTzoosUiP9SrFI6qieRh9iuRoXAxDt2x4POA uk98FzyyoSCyc7MI6EJQo4Q3uNT4L1Eglo70m6K/PMFuPon6/BndqR8vsjzMZclHTFbM tAhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=becUmC5xAMI8yQy4JAFjHPw1bv0InOo9J8Hsf6suAX0=; b=rIQFI7qGCv9qmQ1iarA4pO3Ay+ZyU24W9deuek7bUI2eFn1iyGmfadwZ79bJv5ZiEY w7HY42oGtqSV2DMy9KTmNzHsRgWNKulRTvQKblRQdY+MzpDudPAyVR44NzqgFz3yaT66 K6DkSe/DAiXqCMZ+yJPOQOkl4Xkd5fVKbxyKbz5tDbeZNr/mzZiKSwZ4TLhCGPwtruhN vPQ6Ac5yZbaQgp/2z56+kNEBw5CHBbAgWwlrgiQNWBOeIn5HV/R7ifsGX05r1OxpXf+D 8cB6Pfj9THZpSW8eDSHipQVFROF6znC9yvSGoOJH0njgDOhL3JxlNkHb7EKlQxHsAZp0 B+6g==
X-Gm-Message-State: AOAM532ueS2VeizVAyIjFFMFFF0KJziUAgwQJvhqrH3NMJtVAeLMoief jLpT4Q6kdlVPTa094Dw80Zc8flK9zsXQTRHb5Qna5w==
X-Google-Smtp-Source: ABdhPJx4QSoyIj1fopFlzw8lalqS+CXoDV9z/J947FFF0qcZKM9PTVDcawor8V0zmVFsUjlRo1nTN2ziOPw4GeiX+80=
X-Received: by 2002:a1c:df08:: with SMTP id w8mr7286101wmg.93.1602433770352; Sun, 11 Oct 2020 09:29:30 -0700 (PDT)
MIME-Version: 1.0
References: <160209160818.12838.15929178240331409569@ietfa.amsl.com>
In-Reply-To: <160209160818.12838.15929178240331409569@ietfa.amsl.com>
From: Ivaylo Petrov <ivaylo@ackl.io>
Date: Sun, 11 Oct 2020 19:29:04 +0300
Message-ID: <CAJFkdRxP=53Yf9SuULc4ipEy-MX-1-VAn00o4farbiiTmSax1g@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-cose-x509@ietf.org, Cose Chairs Wg <cose-chairs@ietf.org>, cose <cose@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a8875105b167afb6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/qIky5Gj0A2EZSQu2gnBeAB11rP4>
Subject: Re: [COSE] Martin Duke's No Objection on draft-ietf-cose-x509-07: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Oct 2020 16:29:35 -0000
Hello Martin, Thank you for your comments! I am not sure if you are aware, but I am going to be handing some editorial changes to this document until publication. I will also try to answer your questions inline. On Wed, Oct 7, 2020 at 8:26 PM Martin Duke via Datatracker <noreply@ietf.org> wrote: > Martin Duke has entered the following ballot position for > draft-ietf-cose-x509-07: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-cose-x509/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I see that it's in the charter as such, but I have no idea why this is > otherwise an Informational RFC, as it extends a Standard RFC and has some > normative language in it for interoperability. > [IP]: From my point of view this has been a decision made during the last rechartering. You can see it in the current charter [1] or this email [2]. One possible reason for that decision is that initially the draft contained hash algorithms as well, which if I understand correctly are usually published in informational drafts. To the best of my knowledge no one has voiced concerns about this document being Informational. If anyone has more context, please chime in. I am not a fan of the passive voice in Section 2: > "Certificates obtained from any of these methods MUST still be validated." > > Who has to validate it? It sounds like we are not requiring constrained > devices > to do this validation, so the document really ought to pin the > responsibility > on the system. > [IP]: My understanding is that the recipient should have enough information to obtain and validate the certificate, while the sender might not have the complete certificate. For example, one possibility is that only part of the certificate chain is sent and the message recipient needs to validate the certificate (possibly using pre-provisioned certificates for building the complete certificate chain), in order to know if it can trust it. Another example is a sender that only has a hash of the certificate along with the private key. In this case the recipient is expected to be able to obtain the correct certificate and validate the message using the appropriate key, probably verifying that the certificate is not revoked, etc. Would the following wording work better for you? Recipients MUST validate the certificate obtained from any of the following four methods. > > > > [1]: https://datatracker.ietf.org/doc/charter-ietf-cose/ [2]: https://mailarchive.ietf.org/arch/msg/cose/YE8-De30lEk52p9bY9oxB74x0BE/ Thanks, Ivaylo
- [COSE] Martin Duke's No Objection on draft-ietf-c… Martin Duke via Datatracker
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov
- Re: [COSE] Martin Duke's No Objection on draft-ie… Martin Duke
- Re: [COSE] Martin Duke's No Objection on draft-ie… Michael Richardson
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov
- Re: [COSE] Martin Duke's No Objection on draft-ie… Laurence Lundblade
- Re: [COSE] Martin Duke's No Objection on draft-ie… Carsten Bormann
- Re: [COSE] Martin Duke's No Objection on draft-ie… Laurence Lundblade
- Re: [COSE] Martin Duke's No Objection on draft-ie… Martin Duke
- Re: [COSE] Martin Duke's No Objection on draft-ie… Carsten Bormann
- Re: [COSE] Martin Duke's No Objection on draft-ie… Ivaylo Petrov