IETF Logo Mail Archive

Re: Question about the edition of RFC 3280

Denis Pinkas <Denis.Pinkas@bull.net> Tue, 08 April 2003 11:30 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06842 for <pkix-archive@lists.ietf.org>; Tue, 8 Apr 2003 07:30:06 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.11.6) with ESMTP id h38AB1JM001237 for <ietf-pkix-bks@above.proper.com>; Tue, 8 Apr 2003 03:11:01 -0700 (PDT)
Received: (from majordomo@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h38AB1Xj001236 for ietf-pkix-bks; Tue, 8 Apr 2003 03:11:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordomo set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.12.9/8.11.6) with ESMTP id h38AAwJM001217 for <ietf-pkix@imc.org>; Tue, 8 Apr 2003 03:10:59 -0700 (PDT)
Received: from clbull.frcl.bull.fr (IDENT:root@clbull.frcl.bull.fr [129.182.8.31]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA12558; Tue, 8 Apr 2003 12:13:36 +0200
Received: from bull.net (frcls4013.frcl.bull.fr [129.182.108.120]) by clbull.frcl.bull.fr (8.9.3/8.9.3) with ESMTP id LAA20494; Tue, 8 Apr 2003 11:07:13 +0200
Message-ID: <3E92A017.20505@bull.net>
Date: Tue, 08 Apr 2003 12:10:31 +0200
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, fr
MIME-Version: 1.0
To: Russ Housley <housley@vigilsec.com>
CC: pkix <ietf-pkix@imc.org>, Jeff Schiller <jis@mit.edu>, Steve Bellovin <smb@research.att.com>, Tim Polk <wpolk@nist.gov>, Stephen Kent <kent@bbn.com>, rfc-editor@rfc-editor.org
Subject: Re: Question about the edition of RFC 3280
References: <5.2.0.9.2.20030407102225.02666690@mail.binhost.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit

Russ,

Thank you for this long-awaited answer.

Shortly speaking, the change that has been made cannot be considered as 
"editorial" and introduces an incompatibility with both RFC 2459 and X.509.

Peter Sylvester raised the following questions:

- Whether this reflects a discussion in the working group for which
   consensus had been achieved.

- how the consensus was achieved.

We can see that this change does not reflect a WG consensus and that the WG 
has been kept ignorant when the change was being made (and that the change 
was being made).

Furthermore, the comment that lead to that change has *not* been posted to 
the WG list. We cannot thus speak of a fair and open process.

See additional comments below.

> Denis:
> 
>> ===================================================================
>>
>> A new Request for Comments is now available in online RFC libraries.
>>
>>         RFC 3280
>>
>>         Title:      Internet X.509 Public Key Infrastructure
>>                     Certificate and Certificate Revocation List (CRL)
>>                     Profile
>>         Author(s):  R. Housley, W. Polk, W. Ford, D. Solo
>>         Status:     Standards Track
>>         Date:       April 2002
>>         Mailbox:    rhousley@rsasecurity.com, wford@verisign.com,
>>                     wpolk@nist.gov, dsolo@alum.mit.edu
>>         Pages:      129
>>         Characters: 295556
>>         Updates/Obsoletes/SeeAlso:    None
>>
>>         I-D Tag:    draft-ietf-pkix-new-part1-12.txt
>>
>> ====================================================================
>>
>> The text that was draft-ietf-pkix-new-part1-12.txt is the following:
>>
>>       "The digitalSignature bit is asserted when the subject public key
>>       is used with a digital signature mechanism to support security
>>       services other than non-repudiation (bit 1), certificate signing
>>       (bit 5), or CRL signing (bit 6).  Digital signature mechanisms are
>>       often used for entity authentication and data origin
>>       authentication with integrity."
>>
>> while the text that is in RFC 3280 is the following:
>>
>>       "The digitalSignature bit is asserted when the subject public key
>>       is used with a digital signature mechanism to support security
>>       services other than certificate signing (bit 5), or CRL signing
>>       (bit 6).  Digital signature mechanisms are often used for entity
>>       authentication and data origin authentication with integrity."
>>
>> I would like to know, how/when such a change happened.
> 
> 
> I do not know why you are asking about a change that happened a year 
> ago, but here is the history.  This took quite a bit of time to pull 
> together, and it involved searching the archives kept by several 
> different individuals.
> 
> During IETF Last Call, the authors received a comment regarding the key 
> usage bits.  We have been unsuccessful in locating this email message, 
> so you will have to live with the personal recollection of the content 
> of this message.  

It is quite strange that such a message has been lost by all the editors 
together. :-|

Unless someone from the WG mailing list remember that he posted this message 
and makes itself known, the reality of the existence of this message will be 
questionable.

Can anyone from the WG identifies himself as being the sender of the message 
that lead to that change ?

> The comment stated that section 4.2.1.3 contained an 
> inconsistency.  The comment pointed to the following text from 
> draft-ietf-pkix-new-part1-12.txt:
> 
>       The digitalSignature bit is asserted when the subject public key
>       is used with a digital signature mechanism to support security
>       services other than non-repudiation (bit 1), certificate signing
>       (bit 5), or CRL signing (bit 6).  Digital signature mechanisms are
>       often used for entity authentication and data origin
>       authentication with integrity.
> 
>       The nonRepudiation bit is asserted when the subject public key is
>       used to verify digital signatures used to provide a non-
>       repudiation service which protects against the signing entity
>       falsely denying some action, excluding certificate or CRL signing.
>       In the case of later conflict, a reliable third party may
>       determine the authenticity of the signed data.
> 
>       Further distinctions between the digitalSignature and
>       nonRepudiation bits may be provided in specific certificate
>       policies.
> 
> The crux of the comment was: When the digitalSignature bit is asserted, 
> then the digital signature mechanism supports security services other 
> than non-repudiation.  This means that there is no overlap between these 
> two bit settings.  This is in conflict with the statement that policy 
> can provide further distinction between digitalSignature and 
> nonRepudiation.

When the addition was discussed noone said that additional text neeeded to 
be changed.

If the person that sent the message saw a contradiction, then this issue 
should have at least advertised to the WG.

A simple way to solve this "contradiction" would have been to delete the 
addition.

As far as I am concerned, I interpreted the sentence by the fact that some 
certificate policies may refuse to issue certificates with the two bits set, 
while some others may accept. The exclusivity of bits 1 and 0 is not 
mandated, but is certainly a potentially very dangerous combination.


> In resolving this comment, the authors also considered the vast volumes 
> of messages on the PKIX WG mail list regarding the disputed meaning of 
> these bits.  Recall that the third paragraph was added as a result of 
> that very long discussion.

Since you mention that it was a disputed debate, any change to that section 
should have been brought back to the group.

> The actual changes were made to the document by the RFC Editor, and the 
> request of the authors and concurrence of the Security Area Director.  
> These changes were considered to be clarifications that resolved an 
> internal inconsistency.

I am sorry, but the change is well behind a "clarification" since it 
introduces a major change with the agreed document placed on the web server, 
i.e. version 12. Once a document is placed on the server, only real 
editorial changes can be done. This one cannot fall in this category.

> The following is the note from the authors to the RFC Editor:
> 
>> Date: Wed, 17 Apr 2002 14:57:50 -0400
>> To: rfc-editor@rfc-editor.org
>> From: Russ Housley <russ.housley@verizon.net>
>> Subject: Re: draft-ietf-pkix-new-part1-12.txt
>> Cc: wpolk@nist.gov, jis@mit.edu, smb@research.att.com
>>
>> Dear RFC Editor:
>>
>> Here are the changes that are needed for draft-ietf-pkix-new-part1-12.txt
>>
>> [snip]
>>
>> Section 4.2.1.3, 4th Paragraph: Drop "non-repudiation (bit 1)" from the
>> 1st sentence.  Otherwise it conflicts with the first and last paragraphs
>> of the same section.
>>
>> OLD:
>>
>>    Bits in the KeyUsage type are used as follows:
>>
>>        The digitalSignature bit is asserted when the subject public key
>>        is used with a digital signature mechanism to support security
>>        services other than non-repudiation (bit 1), certificate signing
>>        (bit 5), or CRL signing (bit 6).  Digital signature mechanisms are
>>        often used for entity authentication and data origin
>>        authentication with integrity.
>>
>> NEW:
>>
>>     Bits in the KeyUsage type are used as follows:
>>
>>        The digitalSignature bit is asserted when the subject public key
>>        is used with a digital signature mechanism to support security
>>        services other than certificate signing (bit 5), or CRL signing
>>        (bit 6).  Digital signature mechanisms are often used for entity
>>        authentication and data origin authentication with integrity.
>>
>> [snip]
> 
> 
> In response to this request, the RFC Editor contacted the Security Area 
> Directors to confirm that the changes were appropriate.  Jeff Schiller 
> responded with the following message:
> 
>> Date: Wed, 17 Apr 2002 19:37:36 -0400
>> From: "Jeffrey I. Schiller" <jis@mit.edu>
>> To: rfc-editor@rfc-editor.org
>> Cc: russ.housley@verizon.net, wpolk@nist.gov, smb@research.att.com
>> Subject: Re: AD response request: Re: draft-ietf-pkix-new-part1-12.txt
>>
>> I have reviewed the changes and they look fine to me.
>>
>>                         -Jeff
>>
>> On Wed, Apr 17, 2002 at 10:18:22PM +0000, rfc-editor@rfc-editor.org 
>> wrote:
>> > Jeff and Steve,
>> >
>> > Could you please verify that the following changes are okay?  For the
>> > most part, they seem editorial in nature, but we wanted to get an okay
>> > from you guys as there are such a great number of changes.
>> >
>> > Thank you.
>> >
>> > RFC Editor

> Denis, this is the history.  

We cannot change history, but we can now consider how to correct the situation.

> I think you can see that an appropriate comment resolution process was followed. 

I have to disagree with your statement.

 > I am sure you have faced similar comments on documents that you have
 > authored.

Up to now, I have not faced such a situation, and given that experience it 
is very unlikely that I will ever face it.

I am awaiting for proposals from yourself, the co-chairs and/or the Security 
Area Directors on the way to re-establish a backward compatibility with RFC 
2459.

Denis

> Russ

v2.23.0 | Report a Bug | By Email