Re: [Gen-art] Genart last call review of draft-ietf-stir-certificates-15
Alissa Cooper <alissa@cooperw.in> Tue, 12 December 2017 19:47 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 591CC128656; Tue, 12 Dec 2017 11:47:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=TPtia69U; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=osqq05bZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YM3CRP7UYVN; Tue, 12 Dec 2017 11:47:16 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D96B12952D; Tue, 12 Dec 2017 11:47:16 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id A45A32176D; Tue, 12 Dec 2017 14:47:15 -0500 (EST)
Received: from frontend2 ([10.202.2.161]) by compute7.internal (MEProxy); Tue, 12 Dec 2017 14:47:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=jZyVu4na17y2Q0VcGe6Gdg19fbUwX mY3td61gRUicYk=; b=TPtia69UYbN73WXvNoIi4qUiPw9ir/PWX7Y9WsgXb2CvW 2P0BK6HSPonf0+JH8dbiMC38vYoUeu5sNG3b27ocvOPbu86cp68gaGR8cGzCIqru brqFpZ74ji/rCSFxdmVQMaLA/OQcT7g4e1UzQO6zrrPVJ9HOoKkif4TL4pFL8jJ7 vNj41YU3wiN5TQjRLAuKhk0EstqteCYhlOp3MWagkS4OiSpiEyj/r97HZfOW9Gpq /xGnlUnALeG45Ef67QqgoIjSJrBe0BZc5lDByF0UDasoQAcBuCQqhMMh9UFKkCHw SmydMy5y2Aq22JDoDy3LGZp3iKcAG08Vtl/0PdOFQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=jZyVu4 na17y2Q0VcGe6Gdg19fbUwXmY3td61gRUicYk=; b=osqq05bZvTq7KJ7jBc9teq DvsdAy6mAd3HBdIAIl8jmxErr7UZIlvr9J1TuMH0G5g2qv3Hx5dxGmELRuX/WblQ 9QwxgZUd/Non10krib3sA82maFruwDTliJB9saqPjLJXEZMriCt3udH8kdVWmW66 reUkvNBgiw5O6P9igaSW2zXtJusSaVC1K4frfqnpI1vgL/k2RHuD5UvlXFYShvhA A4cIOZqsjTZyvFyIoiWAszWa//IBlGmIEWphQPVb1q+HTspxt6UzUxEqscPoTQox ArLw6jR+ppRYAkqrEv9rOxfL1/b8L/kmpsMBTDMWY32HkP2KGHLbn4KPWPOIiKVg ==
X-ME-Sender: <xms:QzIwWgheGadpAPHNKl8FHxSowNv2c1e8vFdGlVmDCJSSbXvSnbYW4A>
Received: from sjc-alcoop-8816.cisco.com (unknown [128.107.241.187]) by mail.messagingengine.com (Postfix) with ESMTPA id A5A5F24211; Tue, 12 Dec 2017 14:47:14 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <151090177468.22136.5281729043778955691@ietfa.amsl.com>
Date: Tue, 12 Dec 2017 14:47:12 -0500
Cc: gen-art <gen-art@ietf.org>, draft-ietf-stir-certificates.all@ietf.org, stir@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7EB81722-50D3-4897-9615-C63EF6F9CD88@cooperw.in>
References: <151090177468.22136.5281729043778955691@ietfa.amsl.com>
To: Joel Halpern <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/ntGNIhi5t6PtqH7_Y7zHRY-_Eks>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-stir-certificates-15
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 19:47:18 -0000
Joel, thanks for your review. Sean, thanks for your response. I’m keeping my Yes ballot from the last time around. I don’t have a strong opinion about the trust anchor issue. Best, Alissa > On Nov 17, 2017, at 1:56 AM, Joel Halpern <jmh@joelhalpern.com> wrote: > > Reviewer: Joel Halpern > Review result: Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-stir-certificates-15 > Reviewer: Joel Halpern > Review Date: 2017-11-16 > IETF LC End Date: 2017-11-30 > IESG Telechat date: 2017-12-14 > > Summary: > > Major issues: > > Minor issues: > Section 4 bullet 4 in naming the crypto algorithms refers quite clearly to > 2 algorithms. It then references one of them as RS256. I assume those > versed in the field will know which one is meant. But it would be better > if the abbreviation RS256 appeared next to the first reference to whichever > algorithm it means. > > The security considerations section points to RFC 5280 security > considerations for most issues. I presume that the intention is to use > that section regarding trusting CAs. However, it seems that there is an > issue here much like that of classic web CAs. The number of CAs that must > be trusted seems to be on the order of the number of countries in the > world. That seems to leave a large window for false or misleading > certifications, as I can see nothing which restricts what numbers for which > those top level CAs can provide attestation. I presume we do not want to > go down the path of requiring an uber-CA for all national authorities. I > would expect some explicit recognition of this issue in this document. > > Nits/editorial comments: > > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Genart last call review of draft-ietf-s… Joel Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Sean Turner
- Re: [Gen-art] Genart last call review of draft-ie… Joel Halpern Direct
- Re: [Gen-art] [stir] Genart last call review of d… Gorman, Pierce A [CTO]
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper