Re: [Curdle] WGLC draft-schaad-curdle-oid-registry

Daniel Migault <daniel.migault@ericsson.com> Thu, 28 September 2017 17:35 UTC

To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/yC2a6hYNfB8AAxyUOUKhZ5DuMIA>

Hi Jim,

I think the current write-up addresses your comment. Let me know if that is
fine with you, so I can press the button.

Yours,
Daniel

On Thu, Sep 28, 2017 at 10:36 AM, Jim Schaad <ietf@augustcellars.com> wrote:

>
>
>
>
> *From:* mglt.ietf@gmail.com [mailto:mglt.ietf@gmail.com] *On Behalf Of *Daniel
> Migault
> *Sent:* Thursday, September 28, 2017 7:07 AM
> *To:* Jim Schaad <ietf@augustcellars.com>
> *Cc:* curdle <curdle@ietf.org>
> *Subject:* Re: [Curdle] WGLC draft-schaad-curdle-oid-registry
>
>
>
> Hi Jim,
>
> Thanks for the feedback. Please find my response inline.
>
> Yours,
>
> Daniel
>
>
>
> On Wed, Sep 27, 2017 at 9:25 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:
>
>
>    1. I would not use the phrase “In some ways”.  “It uses the
>    assignments made by the document draft-ietf-curdle-pkix to prepopulate the
>    table, including a pair of assignments made during discussions that did not
>    make the final draft.”    Delete sentence 2, put this in as a new sentence
>    3.
>
> Correct. "In some ways" resulted from a bad copy/paste. I am not sure I
> really get the sentence numbers. The current paragraph is as below. Are you
> OK with it?
>
> The draft does not discuss any technical content. The draft describes
> the set of OIDs that have been donated. It uses the assignments made
>  by the document draft-ietf-curdle-pkix to prepopulate the table, including
>  a pair of assignments made during discussions that did not make the
> final draft. It also describes the creation of an IANA registry table,
> as well as update procedure for adding new entries which includes,
> parameters to provide, the review process to follow and the way the arc
> can be extended.
>
>
>
> [JLS] I would describe the creation before the population.  That is why I
> suggested changing the sentence order.
>
<mglt>
The current text is:
The draft does not discuss any technical content. The draft describes
the set of OIDs that have been donated.  It also describes the creation
of an IANA registry table, as well as update procedure for adding new
entries which includes, parameters to provide, the review process to
follow and the way the arc can be extended. It uses the assignments made
 by the document draft-ietf-curdle-pkix to prepopulate the table, including
 a pair of assignments made during discussions that did not make the
final draft.

I think that addresses your comment.
</mglt>


>
>
>    2. As noted before, the instructions to deal with the reference to the
>    -03 draft are in the XML as a request to the RFC editor.
>
> The comment on the XML specifies the version of the CURDLE draft is
> version 3. The reference is in the informational reference. My understanding
> is that the final to become RFC will also be needed and that the v3 will
> not be the only reference used. I think this reference is missing in the
> normative reference.
>
>
>
> [JLS]  Currently both of those references are informational.  I think this
> is correct as one does not need to understand the content there in order to
> understand what is happening in this draft.  If you really want them to be
> normative that is a problem because of the down ref to -03.  I think they
> should both be at the same level.
>
<mglt>Actually, I expected the RFC to be normative and -03 to be
informational; I did not even think of having the RFC as informational...
As this is intentional, I will describe this in the shepherd write-up and
let the AD come back if he prefers otherwise. At least I understand your
position now. Thanks. </mglt>

>
>    1. This registry does require Expert review per section 4.6 of RFC
>    8126.
>
> I think that was the sense of my response to question 18. Is the text
> clearer?
>
>
>
> Future allocation does not require Expert review, instead it uses
> "specification required".
>
>
>
> [JLS] RFC 8126 says “For the Specification Required policy, review and approval by a designated expert (see Section 5 <https://tools.ietf.org/html/rfc8126#section-5>) is required”  This text says that an expert review is required even if the policy is specification required.
>
>
>
<mglt>thanks for the correction.</mglt>

>
>
>
>
> If you resubmit a new version please could you change the file name to
> draft-ietf-curdle....
>
>
>
> Jim
>
>
>
>
>
> *From:* mglt.ietf@gmail.com [mailto:mglt.ietf@gmail.com] *On Behalf Of *Daniel
> Migault
> *Sent:* Wednesday, September 27, 2017 12:08 PM
> *To:* Russ Housley <housley@vigilsec.com>
> *Cc:* Jim Schaad <ietf@augustcellars.com>; curdle <curdle@ietf.org>; Sean
> Turner <sean@sn3rd.com>
>
>
> *Subject:* Re: [Curdle] WGLC draft-schaad-curdle-oid-registry
>
>
>
> Thanks. It is better to be explicit and complete. These have been addressed.
>
> Yours,
>
> Daniel
>
>
>
>
>
> On Wed, Sep 27, 2017 at 3:01 PM, Russ Housley <housley@vigilsec.com>
> wrote:
>
> Daniel Migault is the document shepherd and Eric Rescorla is the responsible Area.
>
> s/Area/Area Director/
>
>
>
> Some questions do not have answers: (8), (13), (15)
>
>
>
> Russ
>
>
>
>
>
> On Sep 27, 2017, at 2:56 PM, Daniel Migault <daniel.migault@ericsson.com>
> wrote:
>
>
>
> Hi,
>
> Please find the shepherd write up:
>
>
>
> https://datatracker.ietf.org/doc/draft-schaad-curdle-oid-registry/shepherdwriteup/
>
>
>
> Feel free to comment, by the end of the week.
>
>
>
> Yours,
>
> Daniel
>
>
>
> Small comments:
>
> a)
>
> [I-D.ietf-curdle-pkix <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-02#ref-I-D.ietf-curdle-pkix>] should also be added as normative and
> [I-D.ietf-curdle-pkix <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-02#ref-I-D.ietf-curdle-pkix>-3] as informational. I think the normative comment is missing
>
> Maybe a note to the editor should be added. We need to avoid the RFC being in the informational reference ;-)
>
> b) the draft may be named ietf-curdle-oid-registry to reflect a WG document
>
> c) title of section 2.1 may be removed and all its content placed in section 2
>
> d) If that is possible would it be possible to indicate the exact location where the
> table is expected to be added. Currently my understanding is that it is not possible,
> but once the table will be added you will be 1) more specific and 2) add a link as an
>  informal reference.
>
>
>
> On Thu, Jun 8, 2017 at 5:36 PM, Jim Schaad <ietf@augustcellars.com> wrote:
>
>
>
>
>
> *From:* Curdle [mailto:curdle-bounces@ietf.org] *On Behalf Of *Daniel
> Migault
> *Sent:* Thursday, June 8, 2017 12:55 PM
> *To:* Sean Turner <sean@sn3rd.com>
> *Cc:* curdle <curdle@ietf.org>
> *Subject:* Re: [Curdle] WGLC draft-schaad-curdle-oid-registry
>
>
>
> Hi,
>
> Thank you for updating the draft Jim and Rick. While reviewing the draft
> for the shepherd write-up I came up with a few comments/questions.  Please
> find my comments below.
>
> Yours,
>
> Daniel
>
>
>
> COMMENT A)
>
> The type of the draft is currently "informational". According to RFC 2026
> I am more inclined to consider that BCP would be more appropriate. Any
> thoughts on that?
>
> The draft does not discuss any technical content. The draft describes the
> set of OIDs that have been donated. In some ways, it also assigns OIDs that
> have not been assigned by any other RFCs ( but only version-03 of the pkix
> draft). It also describes the creation of an IANA registry table, as well
> as update procedure for adding new entries which includes, parameters to
> provide, the review process to follow and the way the arc can be extended.
>
> In that sense according to RFC2026 the document is essentially documenting
> IETF operations and so BCP seems the appropriate type.
>
> [JLS] I am not sure how you would presume that this could be a BCP?  What
> practices are we recommending that be followed?  I think that this makes
> far more sense as informational.  There is nothing that says that an
> informational draft be technical.  Lots of informational drafts are about
> procedures or about thought processes.  I would keep this where it is.
>
>
>
> COMMENT B)
>
> It might be my fault as I commented on the earlier version the references [
> I-D.ietf-curdle-pkix
> <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-01#ref-I-D.ietf-curdle-pkix>]
> for id-EdDSA25516-ph and id-EdDSA448-ph. It looks confusing to have OIDs
> reserved for a specific Description while not being assigned. As we have
> the intention to keep these OIDs, I think you opened a better path to have
> an RFC as a reference than having an old version of a draft.
>
> I interpret the following text as explaining why we ended up with
> id-EdDSA25516-ph and id-EdDSA448-ph.
>
> """
>
>    After those registrations were
>
>    done, there were still some unused values that can be used for other
>
>    security groups, there were still some unused values.
> """
>
>
> Placing the current document as the Reference would clarify, in my
> opinion, the status of these OIDs. It may be useful to add some text that
> provides more explication with a reference to [I-D.ietf-curdle-pkix
> <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-01#ref-I-D.ietf-curdle-pkix>]-03.
> As the RFC editor will probably replace [I-D.ietf-curdle-pkix
> <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-01#ref-I-D.ietf-curdle-pkix>]
> with the RFC number, it might also be better to have a specific
> informational reference.
>
> [JLS] There is a request in the XML that the RFC editor make sure that
> this specific reference point to the version of the ID and not the RFC.
> However, it gets messy if you have [draft] and [draft-3] in the same
> document as well.  Visually, it is currently a hard thing to do.
>
> COMMENT C)
>
> The draft says:
>
> """
>
> IANA is asked to create one new registry table.
>
> 2.1
> <https://tools.ietf.org/html/draft-schaad-curdle-oid-registry-01#section-2.1>.
> "SMI Security for Cryptographic Algorithms" Registry
>
>
>
> Within the SMI-numbers registry, add an "SMI Security for
>
> Cryptographic Algorithms" table with the three columns:
>
> """
>
> Maybe we should also specify that the SMI Security for Cryptographic
> Algorithm registry is a sub-item of the "SMI Security Codes Registries".
>
>
> I believe it would be useful to have a URL as an informational reference
> for both the "SMI-numbers registry" as well as for "SMI Security Codes
> Registries".
>
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-26
>
> Although I am not aware of a registration procedure for these tables and
> the current, I believe it would be useful to specify explicitly all fields
> associated to the table.
>
>     - Registration Procedure: Although it can be inferred from the current
> text. I believe it is helpful to the IANA to have the exact field value
> associated to all fields.
>
>     - Description: The description is usually the arc ID, maybe in our
> case we should add the range of provided OIDs.
>
>     - Reference: It seems to me that the current document would be
> appropriate.
>
>     - Expert: The Registration Procedure mentions Expert review. I am not
> sure experts should be listed in the RFC RFC5226  appointed by
> IESG.
>
>
>
> [JLS] This is really a bit of a mess, because it does not really belong
> under the SMI Security Codes section if one were being strict.  It is not
> prefixed with the OID defined for that section.  It is unfortunate that
> Russ had all of the PKIX and S/MIME registries placed below that section.
> However using the registry template associated with that would not really
> be correct.  I may talk to IANA during the process of final registration to
> see if we can create a new header and move all of the registries into that
> new header but I don’t want to do that as part of this document as it
> probably would be messy to state.  This type of decision is normally made
> on the fly during the registration process and is not normally called out
> explicitly.
>
>
>
> Experts are normally suggested by the authors, chairs or shepherds of the
> document during the IESG review process at the request of the AD.
>
>
>
> We will end up with an entry that looks like
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-3
> which provides a template of what is defined here.
>
>
>
> jim
>
>
>
>
>
>
>
> On Sat, Jun 3, 2017 at 9:48 AM, Sean Turner <sean@sn3rd.com> wrote:
>
> I hadn’t read it before, but it does what it says it’s going to do and
> it’s pretty darn short and straightforward.  Ship it!
>
> spt
>
>
> > On Jun 2, 2017, at 16:39, Daniel Migault <daniel.migault@ericsson.com>
> wrote:
> >
> > Hi,
> >
> > This email starts a WGLC for draft-schaad-curdle-oid-registry[1]. The
> > draft received significant comments during the WG adoption and is expected
> > to be close to its final version. Please provide your feedback by June 16.
> >
> > Yours,
> > Rich and Daniel
> >
> > [1] https://datatracker.ietf.org/doc/draft-schaad-curdle-oid-registry/
>
> > _______________________________________________
> > Curdle mailing list
> > Curdle@ietf.org
> > https://www.ietf.org/mailman/listinfo/curdle
>