Re: [pkix] FW: New Version Notification for draft-wallace-est-alt-challenge-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 06 February 2016 12:41 UTC

Well, it still is "after IETF94" I guess, but with apologies
to the authors for dropping this ball...

I've given this a read and have a question and a comment:

Question:

3.1: There are many OTP schemes in real use, and some CA might
someday support >1 - why don't you need a mechanism-id or
similar? (And section 5 here even calls out two different
schemes that are documented in RFCs.) If you tell me that you
think this isn't really needed (and if nobody else argues
for it), that'll be fine but I wanted to ask.

Comment:

intro: Editorial suggestion: maybe list the existing uses of
the field in a numbered list and refer back to that when
necessary. I think that might help the reader to keep the
different uses clear as they read.

Once the authors have responded to the question above, I'll
start IETF LC for this one.

Cheers,
S.

PS: This was one of the drafts that prompted me to ask about
forming a new wg, but since I'd already said I'd AD sponsor
this on the list back in October, in fairness to the authors,
I'm gonna just go ahead for this one while we see how the
new-wg discussion pans out.

On 16/10/15 16:53, Stephen Farrell wrote:
> 
> So on the basis of a little positive feedback and it being
> fairly obvious I'll AD sponsor this one. I'll be working
> with the authors on that and an IETF LC should ensue in the
> not too distant (maybe just after IETF94). I'll send a mail
> here when that starts.
> 
> Cheers,
> S.
> 
> On 30/09/15 11:47, Stephen Farrell wrote:
>>
>> Folks,
>>
>> Carl and Max have asked me to AD sponsor this draft. Since it
>> seems like it's almost a bug fix, I'll probably go ahead and
>> do that if there are no significant objections here in the next
>> couple of weeks (say by Oct 15).
>>
>> So if you care about EST, please take a look (it's only 8 pages)
>> and say what you think.
>>
>> Thanks,
>> Stephen.
>>
>> On 04/08/15 12:34, Carl Wallace wrote:
>>> The draft referenced below may be of interest to some on this list. It
>>> defines some new OIDs to disambiguate existing EST challengePassword
>>> attribute usage from PKCS #9/legacy usage and defines a new OID to convey
>>> a one-time password as an additional value or alternative to the
>>> tls-unique mechanism defined in EST.
>>>
>>> On 8/3/15, 2:35 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
>>> wrote:
>>>
>>>>
>>>> A new version of I-D, draft-wallace-est-alt-challenge-00.txt
>>>> has been successfully submitted by Carl Wallace and posted to the
>>>> IETF repository.
>>>>
>>>> Name:		draft-wallace-est-alt-challenge
>>>> Revision:	00
>>>> Title:		Alternative Challenge Password Attributes for Enrollment over Secure Transport
>>>> Document date:	2015-08-03
>>>> Group:		Individual Submission
>>>> Pages:		9
>>>> URL:            https://www.ietf.org/internet-drafts/draft-wallace-est-alt-challenge-00.txt
>>>> Status:         https://datatracker.ietf.org/doc/draft-wallace-est-alt-challenge/
>>>> Htmlized:       https://tools.ietf.org/html/draft-wallace-est-alt-challenge-00
>>>>
>>>>
>>>> Abstract:
>>>>   This document defines a set of new Certificate Signing Request
>>>>   attributes for use with the Enrollment over Secure Transport (EST)
>>>>   protocol.  These attributes provide disambiguation of the existing
>>>>   overloaded uses for the PKCS #9 challengePassword attribute.  Uses
>>>>   include the original certificate revocation password, common
>>>>   authentication password uses, and EST defined linking of transport
>>>>   security identity.
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> The IETF Secretariat
>>>>
>>>
>>
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
>>