Re: Last Call: <draft-santesson-auth-context-extension-09.txt> (Authentication Context Certificate Extension) to Proposed Standard

Russ Housley <housley@vigilsec.com> Tue, 17 November 2015 16:28 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/XZqjGmjPokiMdzG2xI3G60Av56w>
Cc: IETF <ietf@ietf.org>

I have no objection to the change from Information to Standards Track.  However, there are some errors in the ASN.1 modules that need to be corrected.

The module in Appendix A.1 uses the 1988 syntax, and it imports but never uses the Extension type.  Removing the IMPORT statement altogether will resolve this problem.

The module in Appendix A.2 uses the 2008 syntax, and the IMPORT statement is missing the ending semi-colon.

In addition, Appendix A.2 should contain an extension set similar to the ones in RFC 5912.  I suggest something like:

   ElegnamndenCertExtensions EXTENSION ::= {
       ext-AuthenticationContext, ... }

Russ


On Nov 17, 2015, at 10:34 AM, Kathleen Moriarty wrote:

> The draft below was sent through last call as Proposed Standard, which
> was intended, but the document header was listed as informational.  If
> there is no issue changing the header and proceeding as proposed
> standard, we'll go ahead with that.  Please let me know if there is a
> problem and we'll put it through as informational, it was marked
> correctly everywhere else and did go through the 4 week last call
> process.
> 
> Thank you,
> Kathleen
> 
> 
>> Subject: Last Call: <draft-santesson-auth-context-extension-09.txt>
>> (Authentication Context Certificate Extension) to Proposed Standard
>> Date: Tue, 29 Sep 2015 15:08:19 -0700
>> From: The IESG <iesg-secretary@ietf.org>
>> Reply-To: ietf@ietf.org
>> To: IETF-Announce <ietf-announce@ietf.org>
>> 
>> 
>> The IESG has received a request from an individual submitter to consider
>> the following document:
>> - 'Authentication Context Certificate Extension'
>>  <draft-santesson-auth-context-extension-09.txt> as Proposed Standard
>> 
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2015-10-27. Exceptionally, comments may be
>> sent to iesg@ietf.org instead. In either case, please retain the
>> beginning of the Subject line to allow automated sorting.
>> 
>> Abstract
>> 
>> 
>>   This document defines an extension to certificates according to
>>   [RFC5280]. The extension defined in this document holds data about
>>   how the certificate subject was authenticated by the Certification
>>   Authority that issued the certificate in which this extension appears
>> 
>>   This document also defines one data structure for inclusion in this
>>   Extension. The data structure is designed to hold information when
>>   the subject is authenticated using a SAML assertion [SAML].
>> 
>> 
>> 
>> 
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-santesson-auth-context-extension/
>> 
>> IESG discussion can be tracked via
>> https://datatracker.ietf.org/doc/draft-santesson-auth-context-extension/ballot/
>> 
>> 
>> No IPR declarations have been submitted directly on this I-D.
>> 
>> Note: The editorial comments in the shepherd report have been addressed.
>> These will be removed/updated in a future version of the shepherd
>> report, but I didn't want to hold up processing of this draft any further.
>>