Re: [Last-Call] [EXTERNAL] Artart last call review of draft-ietf-lamps-ocsp-nonce-update-04
Jim Fenton <fenton@bluepopcorn.net> Sat, 06 April 2024 21:15 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15F02C14F5E4; Sat, 6 Apr 2024 14:15:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 009o4S9UyFUT; Sat, 6 Apr 2024 14:15:41 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B250EC14F5E2; Sat, 6 Apr 2024 14:15:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bluepopcorn.net; s=supersize; h=Content-Transfer-Encoding:Content-Type: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=rDaTYdM3/yV7Dnr/OPLXAlO6oxO1johTvLY/6XueDIg=; b=cJ/xmnAR17pUz7rmF5O1woa5nC drwF/Hb6M43fefjxuOU9Cx9VpAhML0iXRhZXGGxwKFLCfkUA9o6PqOh/CzrAEPWKuYADFcZ2Zo4ec TrQXWROdKWsaL1BK4od32r4kaJfKnG/xQiHcL+cOgEshRzm+ww69cvgT06FXAZZy13zI=;
Received: from [2601:647:6801:6430:b524:882c:6956:d6b8] (helo=[10.10.20.233]) by v2.bluepopcorn.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fenton@bluepopcorn.net>) id 1rtDNo-0008Rg-GN; Sat, 06 Apr 2024 14:15:38 -0700
From: Jim Fenton <fenton@bluepopcorn.net>
To: Himanshu Sharma <himanshu@netskope.com>
Cc: art@ietf.org, draft-ietf-lamps-ocsp-nonce-update.all@ietf.org, last-call@ietf.org, spasm@ietf.org, Joseph Salowey <joe@salowey.net>
Date: Sat, 06 Apr 2024 14:15:37 -0700
X-Mailer: MailMate (1.14r5852)
Message-ID: <AD801040-BD36-4CF2-9C36-8AC9AD06E6AB@bluepopcorn.net>
In-Reply-To: <CAL9pJ7mfax5nM4PaL4gkXPp+1t8KN=MhOhJYs9Sm1k_C3t2BYA@mail.gmail.com>
References: <171199463982.27279.13238273687080929241@ietfa.amsl.com> <CAL9pJ7mQg_eWye9OVV2w192Jcuchzcs_es6moFmSo=05DOLKsQ@mail.gmail.com> <CAL9pJ7n4gkYQSTRzC-ZH-dpEtDUzTvN9f8tTyPW73AZeh+QfhQ@mail.gmail.com> <CAL9pJ7mfax5nM4PaL4gkXPp+1t8KN=MhOhJYs9Sm1k_C3t2BYA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_06EB8435-D7F7-4403-BE02-4585EBD1A422_="
Content-Transfer-Encoding: 8bit
Embedded-HTML: [{"plain":[152, 2787], "uuid":"DE9117AF-5305-4D47-BD55-842811581E12"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/kg2TnMPUJ-4cp_EQsYOBRiW9SsY>
Subject: Re: [Last-Call] [EXTERNAL] Artart last call review of draft-ietf-lamps-ocsp-nonce-update-04
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2024 21:15:45 -0000
Himanshu, Yes, the -05 revision addresses all of my comments. Thanks for making those changes. -Jim On 4 Apr 2024, at 12:00, Himanshu Sharma wrote: > Hi Jim, > In case the updated ID was missed, Please have a look as It > satisfies > all the feedback and suggestions provided by you. > > -Thanks > Himanshu > > On Tue, Apr 2, 2024 at 12:13 PM Himanshu Sharma > <himanshu@netskope.com> > wrote: > >> Hi Jim >> Thanks for all the suggestions and pointing you the IDNITS >> errors. >> I have changed the content according to your suggestions, corrected >> the >> reference, and moved RFC 5912 to the informative reference section >> from >> normative reference section. >> Russ has verified the ASN.1 module and it compiles fine. >> Now this draft has 0 errors reported from IDNITS. >> Meanwhile I have reached out to Joseph Salowey and am working with >> him to >> address the feedback he has provided. >> >> Himanshu >> >> >> >> On Mon, Apr 1, 2024 at 3:12 PM Himanshu Sharma >> <himanshu@netskope.com> >> wrote: >> >>> Thanks Jim for your time to review the Draft. >>> I will work on the suggestions and update the draft accordingly. >>> >>> >>> >>> On Mon, Apr 1, 2024 at 11:04 AM Jim Fenton via Datatracker < >>> noreply@ietf.org> wrote: >>> >>>> Reviewer: Jim Fenton >>>> Review result: Almost Ready >>>> >>>> I am the designated ART ART reviewer for >>>> draft-ietf-lamps-ocsp-nonce-update-04. >>>> >>>> Status: Almost ready >>>> >>>> Comments: >>>> >>>> Section 1, suggest replacing "[RFC8954] enforce the maximum" to >>>> "[RFC8954] >>>> limits the maximum" >>>> >>>> Section 2, suggest replacing "enforce" with "limit". >>>> >>>> Section 2.1 paragraph 1 can be deleted since this is replacing >>>> RFC8954 >>>> in its >>>> entirety. >>>> >>>> Section 2.1 paragraph 3: "An OCSP client that implements this >>>> document >>>> SHOULD >>>> use a minimum length of 32 octets..." while RFC 8954 says, "Newer >>>> OCSP >>>> clients >>>> that support this document MUST use a length of 32 octets..." It >>>> seems >>>> like >>>> this requirement has been weakened; is there a reason for that? >>>> Also in >>>> that >>>> paragraph, rather than "in excess of what is permitted by RFC 8954" >>>> suggest >>>> saying "in excess of the limit of 32 octets that was specified in >>>> RFC >>>> 8954." >>>> >>>> Section 2.1 paragraph 4: replace "...MUST accept Nonce octets >>>> length of >>>> at >>>> least 16 octets..." with "...MUST accept Nonce lengths of at least >>>> 16 >>>> octets..." >>>> >>>> Section 2.1 paragraph 5: replace "Nonce octet length" with "Nonce >>>> length" >>>> >>>> In the example, the object identifier, in addition to Offset and >>>> Length, >>>> is in >>>> decimal. >>>> >>>> I don't have the expertise in ASN.1 to fully review Appendix A; >>>> hopefully >>>> another reviewer can check that. >>>> >>>> IDNITS points out that you have a normative reference to RFC 5912, >>>> which >>>> is >>>> informational. I'm not sure the reference is really normative, >>>> though. >>>> >>>> >>>>
- [Last-Call] Artart last call review of draft-ietf… Jim Fenton via Datatracker
- Re: [Last-Call] [EXTERNAL] Artart last call revie… Himanshu Sharma
- Re: [Last-Call] [EXTERNAL] Artart last call revie… Himanshu Sharma
- Re: [Last-Call] [EXTERNAL] Artart last call revie… Himanshu Sharma
- Re: [Last-Call] [EXTERNAL] Artart last call revie… Jim Fenton