Re: [Gen-art] [Last-Call] Genart last call review of draft-housley-ers-asn1-modules-02

Linda Dunbar <linda.dunbar@futurewei.com> Tue, 20 July 2021 15:30 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Russ Housley <housley@vigilsec.com>
CC: IETF Gen-ART <gen-art@ietf.org>, Last Call <last-call@ietf.org>, "draft-housley-ers-asn1-modules.all@ietf.org" <draft-housley-ers-asn1-modules.all@ietf.org>
Date: Tue, 20 Jul 2021 15:30:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/L54fLdpMbsRIwo872qI8VgTPpt4>

Russ, 

Thank you very much for the explanation. 
It makes sense. 

Linda

-----Original Message-----
From: Russ Housley <housley@vigilsec.com> 
Sent: Tuesday, July 20, 2021 9:20 AM
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: IETF Gen-ART <gen-art@ietf.org>; Last Call <last-call@ietf.org>; draft-housley-ers-asn1-modules.all@ietf.org
Subject: Re: [Last-Call] Genart last call review of draft-housley-ers-asn1-modules-02

Linda:

Thanks for the review.

> 
> Reviewer: Linda Dunbar
> Review result: Ready with Nits
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area 
> Review Team (Gen-ART) reviews all IETF documents being processed by 
> the IESG for the IETF Chair.  Please treat these comments just like 
> any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-housley-ers-asn1-modules-??
> Reviewer: Linda Dunbar
> Review Date: 2021-07-19
> IETF LC End Date: 2021-08-13
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary:
> This document offers alternate ASN.1 modules that conform to the 2002 
> version of ASN.1 for Evidence Record Syntax (ERS).
> 
> Question:
> Is the Evidence Record Syntax specified in this draft going to obsolete RFC4998?

No.  This document offers an informational specification with an ASN.1 syntax that is compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.  However, RFC 4998 generates the same bits on the wire as this new specification.

> 
> How come the AlgorithmIdentifier in this draft is slightly different 
> from the AlgorithmIdentifier in RFC4998?

This is needed to be compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.

> 
> This draft has:
> 
> AlgorithmIdentifier{}, DIGEST-ALGORITHM  FROM 
> AlgorithmInformation-2009 -- in [RFC5912]
>     { iso(1) identified-organization(3) dod(6) internet(1)
>       security(5) mechanisms(5) pkix(7) id-mod(0)
>      id-mod-algorithmInformation-02(58) }
> 
> RFC4998 has:
> AlgorithmIdentifier
>    FROM PKIX1Explicit88
>         { iso(1) identified-organization(3) dod(6)
>            internet(1) security(5) mechanisms(5) pkix(7)
>            mod(0) pkix1-explicit(18) }
> 
> RFC4998's pkix1-explicit(18) is not present in this draft. Is it intended?

Again, this is needed to be compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.  If you look into RFC 5912, you will see that it contains an alternative for the pkix1-explicit module.  This is using that alternative module.

Russ
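
The "same bits on the wire" point in the reply above can be checked by hand; the following is an added example, not part of the original thread or of the draft. It converts the two module identifiers quoted in the thread to OIDs, DER-encodes an AlgorithmIdentifier, and confirms that neither module OID appears in the encoding, since a module identifier only names where the type definition is imported from. The choice of id-sha256 and all function names are assumptions made for the example.

```python
import re

# Module identifiers as quoted in the thread (ASN.1 value notation).
MOD_RFC5912 = ("{ iso(1) identified-organization(3) dod(6) internet(1) security(5) "
               "mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) }")
MOD_RFC4998 = ("{ iso(1) identified-organization(3) dod(6) internet(1) security(5) "
               "mechanisms(5) pkix(7) mod(0) pkix1-explicit(18) }")
# Assumption for the example: id-sha256 as the digest algorithm, parameters absent.
ID_SHA256 = (2, 16, 840, 1, 101, 3, 4, 2, 1)

def arcs(notation):
    """Extract the numeric arcs from 'name(number)' OID value notation."""
    found = [int(n) for n in re.findall(r"[A-Za-z][\w-]*\((\d+)\)", notation)]
    if len(found) < 2:
        raise ValueError("not an OBJECT IDENTIFIER value")
    return tuple(found)

def tlv(tag, content):
    """DER tag-length-value with definite short or long form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def base128(n):
    """Base-128 big-endian encoding; every octet but the last has bit 8 set."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def der_oid(a):
    if a[0] > 2 or (a[0] < 2 and a[1] > 39):
        raise ValueError("invalid first two arcs")
    return tlv(0x06, base128(40 * a[0] + a[1]) + b"".join(base128(x) for x in a[2:]))

def der_algorithm_identifier(oid, parameters=b""):
    """SEQUENCE { algorithm OBJECT IDENTIFIER, parameters OPTIONAL (pre-encoded) }."""
    return tlv(0x30, der_oid(oid) + parameters)

def module_on_wire(encoding, module_notation):
    """True if the module OID's content octets occur anywhere in the encoding."""
    return der_oid(arcs(module_notation))[2:] in encoding

if __name__ == "__main__":
    enc = der_algorithm_identifier(ID_SHA256)
    print(enc.hex(), module_on_wire(enc, MOD_RFC5912), module_on_wire(enc, MOD_RFC4998))
```
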