Re: [Gen-art] [Last-Call] Genart last call review of draft-housley-ers-asn1-modules-02

Russ Housley <housley@vigilsec.com> Tue, 20 July 2021 14:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/MvdW7uw6WlCO5W5yW-vTsFuY07Y>

Linda:

Thanks for the review.

> 
> Reviewer: Linda Dunbar
> Review result: Ready with Nits
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-housley-ers-asn1-modules-??
> Reviewer: Linda Dunbar
> Review Date: 2021-07-19
> IETF LC End Date: 2021-08-13
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary:
> This document offers alternate ASN.1 modules that conform to the 2002 version
> of ASN.1 for Evidence Record Syntax (ERS).
> 
> Question:
> Is the Evidence Record Syntax specified in this draft going to obsolete RFC4998?

No.  This document offers an informational specification with an ASN.1 syntax that is compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.  However, RFC 4998 generates the same bits on the wire as this new specification.

> 
> How come the AlgorithmIdentifier in this draft is slightly different from the
> AlgorithmIdentifier in RFC4998?

This is needed to be compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.

> 
> This draft has:
> 
> AlgorithmIdentifier{}, DIGEST-ALGORITHM
>  FROM AlgorithmInformation-2009 -- in [RFC5912]
>     { iso(1) identified-organization(3) dod(6) internet(1)
>       security(5) mechanisms(5) pkix(7) id-mod(0)
>      id-mod-algorithmInformation-02(58) }
> 
> RFC4998 has:
> AlgorithmIdentifier
>    FROM PKIX1Explicit88
>         { iso(1) identified-organization(3) dod(6)
>            internet(1) security(5) mechanisms(5) pkix(7)
>            mod(0) pkix1-explicit(18) }
> 
> RFC4998's pkix1-explicit(18) is not present in this draft. Is it intended?

Again, this is needed to be compatible with conventions adopted in RFC 5911, RFC 5912, and RFC 6268.  If you look into RFC 5912, you will see that it contains an alternative for the pkix1-explicit module.  This is using that alternative module.

Russ
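
An added illustration of the "same bits on the wire" point, not part of the original message: a minimal DER encoder showing that an AlgorithmIdentifier value carries only the algorithm OID and optional parameters, so the module it is imported from (pkix1-explicit(18) or id-mod-algorithmInformation-02(58)) never appears in the encoding. The SHA-256 OID with absent parameters is a constructed sample value; the function names are hypothetical.

```python
# Module OIDs quoted in the thread; they name ASN.1 modules, not wire data.
MODULE_1988 = "1.3.6.1.5.5.7.0.18"   # PKIX1Explicit88, imported by RFC 4998
MODULE_2009 = "1.3.6.1.5.5.7.0.58"   # AlgorithmInformation-2009, RFC 5912
SHA256 = "2.16.840.1.101.3.4.2.1"    # constructed sample: id-sha256


def _base128(n):
    """Encode one OID arc as big-endian base-128 with continuation bits."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def _tlv(tag, content):
    """Wrap content in a DER tag-length-value with definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_oid(dotted):
    """DER-encode an OBJECT IDENTIFIER given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    return _tlv(0x06, body)


def der_algorithm_identifier(oid, parameters=b""):
    """SEQUENCE { algorithm OID, parameters OPTIONAL }: the value shape
    under both the 1988 and the 2009 module definitions."""
    return _tlv(0x30, der_oid(oid) + parameters)


def module_oid_on_wire(encoded):
    """True if either module OID shows up inside the encoded value."""
    return any(der_oid(m) in encoded for m in (MODULE_1988, MODULE_2009))


if __name__ == "__main__":
    value = der_algorithm_identifier(SHA256)
    print(value.hex(), "module OID present:", module_oid_on_wire(value))
```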