Re: [Last-Call] [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05

Himanshu Sharma <himanshu@netskope.com> Thu, 11 April 2024 22:28 UTC

References: <171269011520.2420.5933358132842531673@ietfa.amsl.com> <CAL9pJ7mzW6QW_MXybbUHEg55387uL6Hq6w2+b87JsH5kGYE6iA@mail.gmail.com> <DM6PR08MB4857C73464F9D1ECFB66B737B3062@DM6PR08MB4857.namprd08.prod.outlook.com>
In-Reply-To: <DM6PR08MB4857C73464F9D1ECFB66B737B3062@DM6PR08MB4857.namprd08.prod.outlook.com>
From: Himanshu Sharma <himanshu@netskope.com>
Date: Thu, 11 Apr 2024 15:27:43 -0700
Message-ID: <CAL9pJ7k8hzhHq7oCUHWO2V6dUOPdshsx_rhzPhwmoNjJt5_=9g@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-lamps-ocsp-nonce-update.all@ietf.org" <draft-ietf-lamps-ocsp-nonce-update.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/6eMa0O-DEO4nzO6pKl2P79bSJVk>

Hi Susan,
  Thanks for the valuable feedback and suggestions.
I have uploaded the updated draft here:
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/06/ .

Here is a summary of the changes for the NITs.
NIT #1
I referred to a few RFCs and docs that use OIDs in ASN.1, explaining the
OID encodings. With the example, our intention is just to explain the
correct encoding structure of the Nonce and the Nonce value.

NIT #2
Added the format reference as a comment for GeneralizedTime.

NIT #3
Removed the import of ATTRIBUTE.

NIT #4
Removed the "amp;" keyword from the ASN.1 modules; now they are standard ASN.1
type identifiers and ids.

I believe that this updated draft addresses all of your concerns.


-Thanks
Himanshu

On Wed, Apr 10, 2024 at 11:30 AM Susan Hares <shares@ndzh.com> wrote:

> Himanshu:
>
> I’m glad I could be helpful!
>
>
> Sue
>
> *From:* Himanshu Sharma <himanshu@netskope.com>
> *Sent:* Wednesday, April 10, 2024 2:26 PM
> *To:* Susan Hares <shares@ndzh.com>
> *Cc:* ops-dir@ietf.org; draft-ietf-lamps-ocsp-nonce-update.all@ietf.org;
> last-call@ietf.org; spasm@ietf.org
> *Subject:* Re: [EXTERNAL] Opsdir last call review of
> draft-ietf-lamps-ocsp-nonce-update-05
>
>
> Thanks Susan for your time to review the I-D and providing the feedback.
>
> I will work on the suggestion and update the I-D soon.
>
>
> -Himanshu
>
> On Tue, Apr 9, 2024 at 12:15 PM Susan Hares via Datatracker <
> noreply@ietf.org> wrote:
>
> Reviewer: Susan Hares
> Review result: Has Nits
>
>
> Status: Ready with NITs
> General Statement: Excellent writing and clearly understood by a novice.
> I enjoyed reading the clear ASN.1 syntax in the appendices.
>
> Operational summary:  The key point is that clients switching from
> [RFC8954] to [draft-ietf-lamps-ocsp-nonce-update-06] will want to
> use a nonce of length 32, and accept an OCSP of 16 octets.
>
> 4 NITS: Main Text (1), Appendix A.1 (1), and Appendix A.2 (2).
> Note that NITS are editorial suggestions.
>
> 1 NIT in Main Text:
>
> The example in section 2 starts with
>  30 2f 06 09 2b 06 01 05 05 07 30 01 02 [hex]
>     Sequence (30) length (2f) {
>        OBJECT Identifier (06) length (09)
>              ocspNonce (1 3 6 1 5 5 7 48 1 2 )
>
> It might be good to explain that (1 3) is the 2b.
> ------
>
> #2 NIT in ASN.1 in Section
>
> It would help the ASN.1 reader to explain in a comment
> associated with the first usage of "generalizedTime" the format of the
> generalized time.  It is a well-defined ASN.1 concept, but
> the reader is assumed to be an IETF reader with less experience
> in ASN.1.
>
> ------
>
> #NIT 3, use of ATTRIBUTE as an import.
>
> In my review of the ASN.1 in Appendix A.2,
> I cannot find a usage of ATTRIBUTE.
> If it is not used, why is it included?
>
> -----
> #NIT 4, use of @amp;
>
> ResponseBytes ::=       SEQUENCE {
>    responseType        RESPONSE.
>                            &id ({ResponseSet}),
>    response            OCTET STRING (CONTAINING RESPONSE.
>                            &Type({ResponseSet}{@responseType}))}
>
> AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})
>
> I am not familiar with "&id" or "&Type" or @response.
> Please add a comment with the ISO reference for this syntax.
> If you wish to be helpful to the reader, it would be good
> to explain what this syntax means.
>
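The DER example discussed under NIT #1 (the extension header beginning 30 2f 06 09 2b 06 01 05 05 07 30 01 02), worked through in code. This is an added example for readers of the archive, not code from the draft or from anyone in the thread. It encodes the id-pkix-ocsp-nonce OID (showing why the first two arcs 1.3 collapse into the single octet 2b), wraps a nonce in the two nested OCTET STRINGs (extnValue carrying the DER of Nonce ::= OCTET STRING, which is where the 04 22 04 20 in the draft's example comes from), and parses it back while enforcing the length limits the review summary mentions (clients send 32 octets, responders accept at least 16). The 16..32 bounds and all function names are this example's own choices; check the published document for the normative wording.

```python
"""DER encode/decode of the OCSP Nonce extension (added example, not draft text)."""
import os

ID_PKIX_OCSP_NONCE = (1, 3, 6, 1, 5, 5, 7, 48, 1, 2)

# Assumed limits, taken from the thread's summary (client uses 32, responder
# accepts 16); the published document is authoritative.
NONCE_MIN, NONCE_MAX = 16, 32


def der_length(n: int) -> bytes:
    """DER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_length(len(value)) + value


def encode_oid(arcs) -> bytes:
    """Contents octets of an OBJECT IDENTIFIER.
    The first two arcs are merged into one subidentifier 40*a0 + a1, which is
    why 1.3 is the single octet 0x2b (40*1 + 3 = 43). Each subidentifier is
    base-128, high bit set on every octet except the last."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] >= 40):
        raise ValueError("invalid OID arcs")
    subids = [40 * arcs[0] + arcs[1]] + list(arcs[2:])
    out = bytearray()
    for s in subids:
        chunk = [s & 0x7F]
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))
            s >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def decode_oid(data: bytes) -> tuple:
    """Inverse of encode_oid; rejects a trailing octet that still has its continuation bit."""
    subids, cur = [], 0
    for b in data:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    if cur:
        raise ValueError("truncated OID subidentifier")
    first = subids[0]
    a0 = 2 if first >= 80 else first // 40
    return (a0, first - 40 * a0, *subids[1:])


def encode_nonce_extension(nonce: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }.
    extnValue holds the DER of Nonce ::= OCTET STRING, hence OCTET STRING inside OCTET STRING.
    critical is DEFAULT FALSE, so DER omits it entirely."""
    if not NONCE_MIN <= len(nonce) <= NONCE_MAX:
        raise ValueError(f"nonce length {len(nonce)} outside {NONCE_MIN}..{NONCE_MAX}")
    ext_id = der_tlv(0x06, encode_oid(ID_PKIX_OCSP_NONCE))
    nonce_der = der_tlv(0x04, nonce)          # Nonce ::= OCTET STRING
    ext_value = der_tlv(0x04, nonce_der)      # extnValue OCTET STRING wrapping it
    return der_tlv(0x30, ext_id + ext_value)


def _read_tlv(buf: bytes, pos: int):
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def decode_nonce_extension(der: bytes) -> bytes:
    """Responder-side parse: check the OID, the nested OCTET STRING layout, and the length bounds."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    tag, oid, pos = _read_tlv(seq, 0)
    if tag != 0x06 or decode_oid(oid) != ID_PKIX_OCSP_NONCE:
        raise ValueError("extnID is not id-pkix-ocsp-nonce")
    tag, ext_value, pos = _read_tlv(seq, pos)
    if tag == 0x01:  # tolerate an explicitly encoded critical BOOLEAN from a lax encoder
        tag, ext_value, pos = _read_tlv(seq, pos)
    if tag != 0x04 or pos != len(seq):
        raise ValueError("bad extnValue")
    tag, nonce, inner_end = _read_tlv(ext_value, 0)
    if tag != 0x04 or inner_end != len(ext_value):
        raise ValueError("extnValue must contain exactly one OCTET STRING")
    if not NONCE_MIN <= len(nonce) <= NONCE_MAX:
        raise ValueError(f"nonce length {len(nonce)} outside {NONCE_MIN}..{NONCE_MAX}")
    return nonce


if __name__ == "__main__":
    ext = encode_nonce_extension(os.urandom(32))  # constructed sample nonce
    print(ext[:17].hex(" "))  # 30 2f 06 09 2b 06 01 05 05 07 30 01 02 04 22 04 20
    print(len(decode_nonce_extension(ext)), "octet nonce parsed")
```

The first 17 octets of the encoded extension reproduce the header from the draft's example byte for byte, and a nonce of 8 octets (or 128 octets, as RFC 8954 still allowed) is refused on both the encoding and decoding side.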