[Gen-art] Genart last call review of draft-ietf-lamps-hash-of-root-key-cert-extn-03

Joel Halpern <jmh@joelhalpern.com> Fri, 04 January 2019 21:20 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: gen-art@ietf.org
Delivered-To: gen-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AD2D2130E50; Fri, 4 Jan 2019 13:20:36 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joel Halpern <jmh@joelhalpern.com>
To: <gen-art@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-hash-of-root-key-cert-extn.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154663683668.18349.10721321094359754098@ietfa.amsl.com>
Date: Fri, 04 Jan 2019 13:20:36 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/5cubVy-GYzTxmPRCo1L0PSUAuvM>
Subject: [Gen-art] Genart last call review of draft-ietf-lamps-hash-of-root-key-cert-extn-03
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 21:20:37 -0000

Reviewer: Joel Halpern
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-lamps-hash-of-root-key-cert-extn-03
Reviewer: Joel Halpern
Review Date: 2019-01-04
IETF LC End Date: 2019-01-10
IESG Telechat date: Not scheduled for a telechat

Summary: This draft is nearly ready for publication as an Informational RFC.

Major issues: N/A

Minor issues:
    The explanation at the end of section 5 about the remedy for losing access
    to the new root key left me confused.
It looks like the situation is that there is a certificate out there, with the
hash of root key extensions. The certificate owner loses access to the new key
pair underlying the hash. The certificate owner clearly has to issue a new key
pair.  So far, so good.

What the text seems to say is to simply issue a new self-signed certificate. 
There are two possibilities for what is intended. I think the idea is that the
new certificate will use the existing key pair (not the promised one, nor
another new one) for its own signature, and include a new hash of root key for
the newly generated pair.  If the certificate owner can do that (I have not
dived into the rest of the certificate operations to figure out if that is
legal) then it works.  Please add some words explaining that better. If the
certificate owner can not simply issue a new self-signed certificate with the
existing key pair, then I am lost.  It appears that the text says that the
certificate owner issues a new self-signed certificate using a new key pair. 
But that will fail the check against the previous certificate hash of root key.
I am hoping that it is the first of these alternatives, and all that is needed
is clearer explanatory text stating that the new cert uses the existing key
pair, and includes a new hash of root key promise.

Nits/editorial comments:  N/A