Re: [pkix] [saag] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt

Paul Lambert <paul@marvell.com> Tue, 08 September 2015 18:33 UTC

From: Paul Lambert <paul@marvell.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Sean Leonard <dev+ietf@seantek.com>, "pkix@ietf.org" <pkix@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/5Y47DPj2hmiHHNpNcR7TC8od_5c>



>Sean has asked me if I'd be ok with AD sponsoring this one. While it
>seems reasonable as a thing one might want to do, I haven't seen that
>it is something anyone else wants to use so I'm not convinced for now.

The application and semantics of this RFC are unclear. The only text
describing a use case is:
	"For example, a user agent may wish to draw
	attention to the "notAfter" time for an
	expired certificate."


This seems broken in that the semantics of any one field needs to include
a notion of the validity of the certificate.

	"A URI that identifies a certificate will likely be used by an
	application or user for some security-related service, such as to
	retrieve the certificate as part of a validation procedure.  When a
	fragment identifies a part of a certificate, the application will
	define the behavioral semantics. "

>
>If you would use this or especially if you would implement this, please
>speak up now. If you think doing this is a bad plan, now is also a
>fine time to speak up.
>
>My plan is to decide in a couple of weeks (Sep 19th). The default if we
>get silence is that I'd not be sponsoring this one. If the response is
>that a bunch of folks would use or implement,

> 
Not interested and usage appears to be potentially problematic.

Paul

>I'd be fine with AD
>sponsoring it.
>
>Thanks,
>S.
>
>On 13/11/14 05:23, Sean Leonard wrote:
>> draft-seantek-certfrag-02 has been posted.
>> 
>> Among other nits, I think that this draft needs to be Standards Track
>>with IETF Consensus because it updates RFC 2585, which is Standards
>>Track, and application/pkix-cert and application/pkix-crl are in the
>>standards tree [RFC 6838].
>> 
>> (Thanks Sean T.)
>> 
>> Sean
>> 
>> Begin forwarded message:
>> 
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-seantek-certfrag-02.txt
>>> Date: November 12, 2014 at 7:15:00 PM HST
>> 
>> A new version of I-D, draft-seantek-certfrag-02.txt
>> has been successfully submitted by Sean Leonard and posted to the
>> IETF repository.
>> 
>> Name:           draft-seantek-certfrag
>> Revision:       02
>> Title:          URI Fragment Identifiers for the application/pkix-cert Media Type
>> Document date:  2014-11-12
>> Group:          Individual Submission
>> Pages:          4
>> URL:            http://www.ietf.org/internet-drafts/draft-seantek-certfrag-02.txt
>> Status:         https://datatracker.ietf.org/doc/draft-seantek-certfrag/
>> Htmlized:       http://tools.ietf.org/html/draft-seantek-certfrag-02
>> Diff:           http://www.ietf.org/rfcdiff?url2=draft-seantek-certfrag-02
>> 
>> Abstract:
>>   This memo describes Uniform Resource Identifier (URI) fragment
>>   identifiers for PKIX certificates, which are identified with the
>>   Internet media type application/pkix-cert.
>> 
>> 
>> The IETF Secretariat