RE: Last Call: draft-turner-deviceowner-attribute (Device OwnerAttribute) to Informational RFC
"Andrew Sciberras (GMAIL)" <andrewsciberras@gmail.com> Mon, 07 September 2009 22:42 UTC
From: "Andrew Sciberras (GMAIL)" <andrewsciberras@gmail.com>
To: 'Sean Turner' <turners@ieca.com>
Subject: RE: Last Call: draft-turner-deviceowner-attribute (Device OwnerAttribute) to Informational RFC
Date: Tue, 08 Sep 2009 08:42:56 +1000
Cc: ietf@ietf.org

Hi Sean

Thanks for the response - all looks good to me.

In regards to the 'exact' matching, I raised that because the X.500/LDAP
countryName attribute behaves in a case insensitive manner for these country
codes - i.e. 'AU' will match 'au'.
Not that it matters at all - but if you're thinking of altering the behavior
to be case insensitive, then this will align it with the way that country
codes are used in LDAP and X.500.

Andrew.

-----Original Message-----
From: Sean Turner [mailto:turners@ieca.com]
Sent: Thursday, 3 September 2009 3:41 AM
To: Andrew Sciberras (GMAIL)
Cc: ietf@ietf.org
Subject: Re: Last Call: draft-turner-deviceowner-attribute (Device OwnerAttribute) to Informational RFC

Andrew,

Thanks for taking the time to review the draft. Responses inline.

spt

Andrew Sciberras (GMAIL) wrote:
> Hello
>
> I have a few minor comments:
>
> 1.
> The definition of the deviceOwner attribute in section 2 indicates:
> "IDENTIFIED BY id-deviceOwner"
>
> This should be updated to reflect the text in Appendix A:
> "IDENTIFIED BY id-aa-KP-deviceOwner"

I'll update the oid name.

> 2.
> The ASN.1 definitions (section 2 and appendix a) of DeviceOwner contain the
> following:
> "numericCountry INTEGER ( SIZE (0...999),"
>
> The ASN.1 (X.680) notation for a range separator is ".." rather than an
> ellipsis. The syntax of the numericCountry choice should be changed to this:
> "numericCountry INTEGER ( SIZE (0..999),"

As somebody else pointed out SIZE constraints can't be applied to
INTEGER. It needs to be "numericCountry INTEGER (0..999)".

> 3.
> The matching rule is defined to be:
> "This rule returns a TRUE if and only if the DeviceOwner value exactly
> matches the presented value. "
>
> By "exactly" do you mean that case is sensitive for the Printable Strings?
> I.e. "AU" will not match "au"?

Yes that's what it means. But now that you ask I think something like
caseIgnoreMatch "The rule returns TRUE if the strings are the same
length and corresponding characters are identical except possibly with
regard to case" is probably more appropriate.

> 4.
> The ID indicates that no IANA considerations are required since the
> identifiers are already registered.
> It would be preferable if the attribute type and matching rule definitions
> were registered with the IANA LDAP descriptors registry.

After some discussions with Kurt Zeilenga, I think we're not going to
register the attributes. I originally thought we could just say
something like the attribute could be used here, there, and everywhere
an attribute can be used. I was unaware of the hoops to jump through to
claim that it could be used in LDAP. I think it could be used in an
LDAP directory but we're going to target these attributes for public key
and attribute certificates. If we end up needing to include these in a
directory, then we'll update this spec to add the required text to put
them in a directory (schema, transfer syntax, etc.). I'll modify the
intro to say this:

This document specifies the Device Owner attribute. This attribute may
be included in locations or protocols that support ASN.1 attribute
definitions to indicate the country or group that owns the device.

NOTE: This document does not provide LDAP equivalent schema
specification as this attribute is targeted at public key certificates
[RFC5280] and attribute certificates [RFC3281bis]. This is left to a
future specification.

> Regards,
> Andrew Sciberras
>
>
>
>> -----Original Message-----
>> From: ietf-announce-bounces@ietf.org [mailto:ietf-announce-bounces@ietf.org] On
>> Behalf Of The IESG
>> Sent: Friday, 31 July 2009 9:52 PM
>> To: IETF-Announce
>> Subject: Last Call: draft-turner-deviceowner-attribute (Device OwnerAttribute) to
>> Informational RFC
>>
>> The IESG has received a request from an individual submitter to consider
>> the following document:
>>
>> - 'Device Owner Attribute '
>> <draft-turner-deviceowner-attribute-01.txt> as an Informational RFC
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2009-08-28. Exceptionally,
>> comments may be sent to iesg@ietf.org instead. In either case, please
>> retain the beginning of the Subject line to allow automated sorting.
>>
>> The file can be obtained via
>> http://www.ietf.org/internet-drafts/draft-turner-deviceowner-attribute-01.txt
>>
>> IESG discussion can be tracked via
>> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=17756&rfc_flag=0
>>
>> _______________________________________________
>> IETF-Announce mailing list
>> IETF-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-announce
>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>
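
The two matching behaviours discussed in point 3 of this message, together with the INTEGER (0..999) range from point 2, as an added example that is not part of the original thread or of the draft. The (kind, value) tuple representation, the "printable" label and all function names are assumptions made for illustration; the sample values are constructed.

```python
import string

# PrintableString character set (X.680): letters, digits, space and '()+,-./:=?
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")

# A DeviceOwner value is modelled as a (kind, value) tuple. This model is an
# assumption for illustration; only "numericCountry INTEGER (0..999)" and the
# existence of PrintableString alternatives are stated in the thread.

def validate(owner):
    kind, value = owner
    if kind == "numericCountry":
        # INTEGER (0..999) is a value-range constraint, not a SIZE constraint.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError("numericCountry must be an integer")
        if not 0 <= value <= 999:
            raise ValueError("numericCountry out of range 0..999")
    elif kind == "printable":
        if not isinstance(value, str) or not value or not set(value) <= PRINTABLE:
            raise ValueError("not a PrintableString")
    else:
        raise ValueError("unknown alternative")
    return owner

def exact_match(stored, presented):
    """TRUE if and only if the stored value exactly matches the presented one."""
    return validate(stored) == validate(presented)

def case_ignore_match(stored, presented):
    """Same length, corresponding characters identical except possibly for case
    (the wording quoted in the message, implemented literally)."""
    (k1, v1), (k2, v2) = validate(stored), validate(presented)
    if k1 != k2:
        return False                      # different alternatives never match
    if k1 == "numericCountry":
        return v1 == v2
    return len(v1) == len(v2) and all(
        a.lower() == b.lower() for a, b in zip(v1, v2))

def demo():
    cert_attr = ("printable", "AU")       # constructed: value carried in a certificate
    presented = ("printable", "au")       # constructed: value a relying party compares
    return exact_match(cert_attr, presented), case_ignore_match(cert_attr, presented)
```

Under the exact rule the same certificate attribute is rejected where the case-ignoring rule accepts it, so issuer and relying party need to apply the same rule.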