[Gen-art] RE: Gen-ART review of draft-ietf-ltans-ers-13.txt
"Tobias Gondrom" <tgondrom@opentext.com> Fri, 01 June 2007 16:19 UTC
Return-path: <gen-art-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hu9qO-0007NE-Ol; Fri, 01 Jun 2007 12:19:16 -0400
Received: from gen-art by megatron.ietf.org with local (Exim 4.43) id 1Hu9qN-0007Mn-Uq for gen-art-confirm+ok@megatron.ietf.org; Fri, 01 Jun 2007 12:19:15 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hu9qN-0007MY-Kf for gen-art@ietf.org; Fri, 01 Jun 2007 12:19:15 -0400
Received: from mucmx02.ixos.de ([149.235.128.47]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hu9qM-0004zY-4j for gen-art@ietf.org; Fri, 01 Jun 2007 12:19:15 -0400
Received: from MUCXGC2.opentext.net (localhost [127.0.0.1]) by mucmx02.ixos.de (8.12.10+Sun/8.12.10) with ESMTP id l51GJ4lk026031; Fri, 1 Jun 2007 18:19:04 +0200 (MEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Fri, 01 Jun 2007 18:19:03 +0200
Message-ID: <2666EB2A846BAC4BB2D7F593301A7868010A9FFB@MUCXGC2.opentext.net>
In-Reply-To: <886F5D4C78AFB14D87261206BFB9612E1D0608D1@scygmxs1.cygnacom.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-ietf-ltans-ers-13.txt
Thread-Index: AcekZUogWwtp00CGQrOcTtI4bQDocwAAwa9g
X-Priority: 5
Priority: Non-Urgent
Importance: low
From: Tobias Gondrom <tgondrom@opentext.com>
To: Carl Wallace <CWallace@cygnacom.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d6b0e0d49fdeccc4f4975ee60f85ef51
Cc: ralf.brandner@intercomponentware.com, General Area Review Team <gen-art@ietf.org>, Tim Polk <wpolk@nist.gov>, ulrich.pordesch@zv.fraunhofer.de
Subject: [Gen-art] RE: Gen-ART review of draft-ietf-ltans-ers-13.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1692204896=="
Errors-To: gen-art-bounces@ietf.org
Ok. Thank you, Carl and Brian. I just submitted draft-ietf-ltans-ers-15.txt with the change as proposed by Brian. Best regards and have a nice weekend, Tobias ________________________________ From: Carl Wallace [mailto:CWallace@cygnacom.com] Sent: Friday, June 01, 2007 5:55 PM To: Tobias Gondrom Cc: General Area Review Team; ralf.brandner@intercomponentware.com; ulrich.pordesch@zv.fraunhofer.de; Tim Polk; Brian E Carpenter Subject: RE: Gen-ART review of draft-ietf-ltans-ers-13.txt I like Brian's clarification that the verification data be preserved but that it is not required to appear in the timestamp. > -----Original Message----- > From: Tobias Gondrom [mailto:tgondrom@opentext.com] > Sent: Friday, June 01, 2007 10:10 AM > To: Carl Wallace > Cc: General Area Review Team; > ralf.brandner@intercomponentware.com; > ulrich.pordesch@zv.fraunhofer.de; Tim Polk; Brian E Carpenter > Subject: RE: Gen-ART review of draft-ietf-ltans-ers-13.txt > > Ok. > So, than this up to your judgement, Carl. > - Tobias > > > Ps.: if you tell me to do so, I will submit a revised draft > right away, otherwise Tim can progress the draft. > > > > > -----Original Message----- > > From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] > > Sent: Friday, June 01, 2007 4:03 PM > > To: Tobias Gondrom > > Cc: Carl Wallace; General Area Review Team; > > ralf.brandner@intercomponentware.com; > ulrich.pordesch@zv.fraunhofer.de; > > Tim Polk > > Subject: Re: Gen-ART review of draft-ietf-ltans-ers-13.txt > > > > Thanks. I believe there is an issue of clarity here, but as always, > > please take guidance from the document shepherd. > > > > Brian > > > > > > On 2007-06-01 15:20, Tobias Gondrom wrote: > > > Hello Brian, > > > > > > Concerning the sentence in section 4.2: > > > I do not see a big difference between your proposal: > > > "The data (e.g. certificates, CRLs or OCSP-Responses) needed to > verify > > > the timestamp MUST be preserved, and SHOULD be stored in the > timestamp > > > itself unless this causes unnecessary duplication." > > > > > > And the existing text: > > > "The data (e.g. certificates, CRLs or OCSP-Responses) needed to > verify > > > the timestamp SHOULD be stored in the timestamp itself or MUST be > > > preserved otherwise." > > > > > > Although I do not see the need to change it, I can see no damage > either. > > > > > > So, if this re-wording solves your comment, we can make > the change. > > > > > > Ok? > > > > > > Tobias > > > > > > > > > > > >> -----Original Message----- > > >> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] > > >> Sent: Friday, June 01, 2007 1:16 PM > > >> To: Tobias Gondrom > > >> Cc: Carl Wallace; General Area Review Team; > > >> ralf.brandner@intercomponentware.com; > > > ulrich.pordesch@zv.fraunhofer.de; > > >> Tim Polk > > >> Subject: Re: Gen-ART review of draft-ietf-ltans-ers-13.txt > > >> > > >> On 2007-06-01 12:11, Tobias Gondrom wrote: > > >>> Hello Brian, > > >>> Answer/Comments inline. > > >>> Tobias > > >>> > > >>> Ps.: I hope you do not feel your comment got ignored, cause that > has > > >>> never been my intention. (I just thought my explanation was > > > satisfying, > > >>> as you indicated in your email May-22 and closed the item > > > accordingly.) > > >> No problem at all - I just thought about it some more. > We Gen-ART > > >> reviewers have a habit of looking at SHOULD and SHOULD NOT quite > > >> closely, > > > because > > >> we know that they can cause indecision among implementers. For > > > example, > > >> you could say something like this: > > >> > > >> The data (e.g. certificates, CRLs or OCSP-Responses) needed to > verify > > >> the timestamp MUST be preserved, and SHOULD be stored in the > timestamp > > >> itself unless this causes unnecessary duplication. > > >> > > >> It's up to you, I am not insisting on a change. > > >> > > >> Brian > > >> > > >> > > >> > > >>> > > >>>> -----Original Message----- > > >>>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] > > >>>> Sent: Friday, June 01, 2007 11:28 AM > > >>>> To: Carl Wallace > > >>>> Cc: Tobias Gondrom; General Area Review Team; > > >>>> ralf.brandner@intercomponentware.com; > > >>> ulrich.pordesch@zv.fraunhofer.de; > > >>>> Tim Polk > > >>>> Subject: Re: Gen-ART review of draft-ietf-ltans-ers-13.txt > > >>>> > > >>>> Triggered by seeing -14 come out: > > >>>> > > >>>> On 2007-05-21 20:44, Carl Wallace wrote: > > >>>>>>> 1. At the end of section 4.2: > > >>>>>>> > > >>>>>>> The data (e.g. certificates, CRLs or OCSP-Responses) > > >>>>>> needed to verify > > >>>>>>> the timestamp SHOULD be stored in the timestamp > itself or MUST > > > be > > >>>>>>> preserved otherwise. > > >>>>>>> > > >>>>>>> I find this insufficiently clear. When would it be > > >>>>>> acceptable not to > > >>>>>>> store these data in the timestamp, and if not done so, how > > >>>>>> would the > > >>>>>>> retriever know where to look? > > >>>>>> [tg]: There are three main reasons why we did intentionally > > >>>>>> write this up in this level of detail: > > >>>>>> At first, most of the verification of a > RFC3161-timestamp has > > >>>>>> been documented very well in the timestamp and CMS > > >>>>>> specifications. Second, ERS is open for other timestamps as > > >>>>>> well (e.g. ISO-18014-x) and they may (and do) require other > > >>>>>> verification data than RFC3161, plus these other formats may > > >>>>>> not be able to store all the necessary information for > > >>>>>> verification inside their data structures. > > >>>>>> And third, as some of the verification data may be > dependent on > > >>>>>> the use case and country where it is verified, the > WG works on > > >>>>>> the I-D > > >>>>>> > http://www.ietf.org/internet-drafts/draft-ietf-ltans-validate- > > >>>>>> 01.txt to describe the verification and the required data in > > >>>>>> more detail. > > >>>>> In addition to the above, the "SHOULD be stored in the > timestamp" > > >>>>> recommendation is present in the spec because this is the > easiest > > >>>> option. > > >>>>> If the timestamp contains all of the verification data, then > there > > >>> is > > >>>> less > > >>>>> work for the verifier to perform. However, this also freezes > the > > >>>>> verification context (if this is the only means of preserving > > >>>> verification > > >>>>> data). There is a companion specification that defines how to > use > > >>> SCVP > > >>>> and > > >>>>> ERS to preserve certificates and CRLs independent of > a data item > > >>> that is > > >>>>> archived. This has a few benefits, including decreasing the > > > storage > > >>>> burden > > >>>>> on the archive and avoiding freezing the validation context. > > >>>>> > > >>>> I'm still a little unhappy about the SHOULD. How does an > > > implementor > > >>> know > > >>>> that it's OK to ignore the SHOULD? If the data is not stored in > the > > >>>> timestamp, > > >>>> shouldn't you say that a pointer to the data MUST be stored in > the > > >>>> timestamp? > > >>> No, this would not be good. For verification data, we have today > > > what > > >>> you might call like "implicit pointers" in the > timestamp, i.e. the > > >>> timestamp authority source name etc. gives you the information > from > > >>> where to receive the additional verification data like its > > > certificate > > >>> and CRL/OCSP. > > >>> So with the timestamp this is already implicitly known and it > would > > > be a > > >>> bad idea to force another explicit pointer to the structure. > > >>> > > >>> > > >>> (additional personal note: in general a verification > procedure of > > > the > > >>> timestamp must also include this data (certificate and (CRL OR > > > OCSP). > > >>> This can be done by retrieving the information from an online > source > > >>> (defined by the TSA name and address) or from the data > structures > of > > > the > > >>> timestamp or another source (e.g. a file store at the > verification > > >>> entity). > > >>> For infinite times it is obvious that the online source will no > > > longer > > >>> be available. But many use cases require a long (but > not infinite) > > >>> storage time where renewal is absolutely necessary, but > where the > > >>> business scenario guarantees that the verification data will be > > >>> available for the whole time. (e.g. some TSA guarantee > (including > a > > >>> government continuation guarantee) that the service will be > > > available > > >>> online for a specified time, e.g. 30 years, even if the > TSA closes > > >>> down.) > > >>> This again leads to the term SHOULD but not MUST.) > > >>> > > >>> > > > >
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-ietf-ltans-ers-… Brian E Carpenter
- [Gen-art] Gen-ART review of draft-ietf-ltans-ers-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- Re: [Gen-art] RE: Gen-ART review of draft-ietf-lt… Russ Housley
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Carl Wallace
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- RE: [Gen-art] RE: Gen-ART review of draft-ietf-lt… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Carl Wallace
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom