Re: [pkix] [Technical Errata Reported] RFC3779 (7653)

Stefan Santesson <stefan@aaa-sec.com> Thu, 28 September 2023 14:17 UTC

Message-ID: <74c9d161-5b3d-4694-880b-01e503656f62@aaa-sec.com>
Date: Thu, 28 Sep 2023 16:17:48 +0200
To: Russ Housley <housley@vigilsec.com>, IETF PKIX <pkix@ietf.org>
Cc: "Roman D. Danyliw" <rdd@cert.org>, Paul Wouters <paul.wouters@aiven.io>, Job Snijders <job@fastly.com>
References: <20230922121745.D1D50E5F67@rfcpa.amsl.com> <67B1F9CD-F8E9-4895-A0AC-C6B32EAE7150@vigilsec.com>
From: Stefan Santesson <stefan@aaa-sec.com>
Organization: 3xA Security AB
In-Reply-To: <67B1F9CD-F8E9-4895-A0AC-C6B32EAE7150@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/9OXsgtGCfkk91hdlQ1wY4coprNg>

Hi,

It has been a while since I was into the details of ASN.1, and I feel a bit 
unsure what is correct here.

I agree with Russ on his thoughts.

/Stefan


On 2023-09-27 17:29, Russ Housley wrote:
> Two thoughts below.
>
>> The following errata report has been submitted for RFC3779,
>> "X.509 Extensions for IP Addresses and AS Identifiers".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7653
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Job Snijders <job@fastly.com>
>>
>> Section: 3.2.3
>>
>> Original Text
>> -------------
>> Section 3.2.3.4:
>> Any contiguous series of AS identifiers MUST be combined into a single range
>> whenever possible.
>>
>> Section 3.2.3.8:
>> The ASRange type is a SEQUENCE consisting of a min and a max element,
>> and is used to specify a range of AS identifier values.
>>
>> Corrected Text
>> --------------
>> Section 3.2.3.4:
>> Any contiguous series of AS identifiers MUST be combined into a single range
>> or, whenever possible, represented as a single ASId.
> I don't like "or, whenever possible". That is not well specified and thus unlikely to yield a canonical result. In my view, this text is not an improvement to the existing text.
>
>> Section 3.2.3.8:
>> The ASRange type is a SEQUENCE consisting of a min and a max element,
>> and is used to specify a range of AS identifier values. The min and max
>> elements MUST specify two distinct AS identifiers.
> This statement seems clear to me, and I think it is an improvement over the current text.
>
> Russ
>
>> Notes
>> -----
>> The introduction in section 1 stresses that the objective of the encoding rules in section 2 and section 3
>> is to produce unique encoding and minimal size encoding of the information.
>>
>> Allowing ASRanges where the minimum value is the same as the maximum value clearly violates the
>> objective of specifying a canonical form (in order to produce a unique representation); however the
>> specification as-is doesn't forbid min & max to be the same value. The corrected text addresses this.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC3779 (draft-ietf-pkix-x509-ipaddr-as-extn-03)
>> --------------------------------------
>> Title               : X.509 Extensions for IP Addresses and AS Identifiers
>> Publication Date    : June 2004
>> Author(s)           : C. Lynn, S. Kent, K. Seo
>> Category            : PROPOSED STANDARD
>> Source              : Public-Key Infrastructure (X.509)
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
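
The erratum turns on what the canonical asIdsOrRanges encoding of a set of AS numbers is: contiguous identifiers merged into one ASRange (section 3.2.3.4), and, under the proposed 3.2.3.8 text, never an ASRange whose min equals its max, so a single AS is always an ASId. The following Python is an added worked example, written for this page; it is not code from RFC 3779, from the erratum, or from any participant in the thread. It canonicalizes a list of AS numbers and (min, max) ranges under that reading, reports why a given list is not canonical, and DER-encodes the result as an ASIdentifiers value with only the asnum [0] element (the rdi element and the inherit NULL alternative are left out). The DER helpers are minimal and hand-rolled; the ascending-sort requirement applied below is the one RFC 3779 states for asIdsOrRanges, and the sample AS numbers are constructed from the documentation range 64496-64511.

```python
"""Canonical ASIdentifiers (RFC 3779, section 3.2.3) worked example.

Added example for this page; not code from RFC 3779 or from the erratum
thread. Items are an ASId (int) or an ASRange given as a (min, max) tuple.
"""
from typing import Iterable, Union

ASItem = Union[int, tuple]          # int = ASId, (min, max) = ASRange
AS_MAX = 0xFFFFFFFF                 # 32-bit AS numbers


def canonicalize(items: Iterable[ASItem]) -> list:
    """Return the canonical asIdsOrRanges list for the given AS numbers.

    Rules applied: sort ascending, merge contiguous or overlapping elements
    into one range (3.2.3.4), and emit a range covering exactly one AS as a
    plain ASId, which is what erratum 7653's "min and max MUST be distinct"
    text implies for ASRange.
    """
    spans = []
    for item in items:
        lo, hi = (item, item) if isinstance(item, int) else item
        if lo > hi or lo < 0 or hi > AS_MAX:
            raise ValueError(f"bad AS item {item!r}")
        spans.append((lo, hi))
    spans.sort()
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:          # overlap or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return [lo if lo == hi else (lo, hi) for lo, hi in merged]


def canonical_problems(items: list) -> list:
    """Explain why an asIdsOrRanges list is not canonical ([] means it is)."""
    problems = []
    prev_hi = None
    for idx, item in enumerate(items):
        if isinstance(item, int):
            lo = hi = item
        else:
            lo, hi = item
            if lo == hi:
                problems.append(f"element {idx}: ASRange {lo}-{hi} covers a single "
                                f"AS; under erratum 7653 it must be an ASId")
            elif lo > hi:
                problems.append(f"element {idx}: ASRange min {lo} > max {hi}")
        if prev_hi is not None:
            if lo <= prev_hi:
                problems.append(f"element {idx}: not sorted, or overlaps previous element")
            elif lo == prev_hi + 1:
                problems.append(f"element {idx}: contiguous with previous element, "
                                f"MUST be merged into one range (3.2.3.4)")
        prev_hi = hi if prev_hi is None else max(prev_hi, hi)
    return problems


# --- minimal DER helpers (constructed for this example) ---------------------
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    # Non-negative INTEGER: minimal two's complement, so a leading 0x00 is
    # added when the top bit of the first content byte would be set.
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big")
    return b"\x02" + _der_len(len(body)) + body


def _der_constructed(content: bytes, tag: int = 0x30) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def encode_asnum(items: Iterable[ASItem]) -> bytes:
    """DER-encode ASIdentifiers { asnum [0] EXPLICIT asIdsOrRanges } in canonical form."""
    elems = b"".join(
        _der_int(i) if isinstance(i, int)
        else _der_constructed(_der_int(i[0]) + _der_int(i[1]))   # ASRange SEQUENCE
        for i in canonicalize(items)
    )
    as_ids_or_ranges = _der_constructed(elems)                    # SEQUENCE OF ASIdOrRange
    asnum = _der_constructed(as_ids_or_ranges, 0xA0)              # [0] EXPLICIT
    return _der_constructed(asnum)                                # ASIdentifiers SEQUENCE


if __name__ == "__main__":
    # Constructed sample: an RFC 5398 documentation-range style input with a
    # single-value "range" (64510, 64510), the case the erratum is about.
    sample = [64496, (64497, 64500), 64501, (64510, 64510), 65000]
    print(canonical_problems(sample))
    print(canonicalize(sample))                 # [(64496, 64501), 64510, 65000]
    print(encode_asnum(sample).hex())
```

Running the module prints the problems found in the sample (a single-AS range and two unmerged contiguous runs), the canonical list, and the DER bytes; feeding the canonical list back to `canonical_problems` returns an empty list, which is the property a certificate issuer's encoder, or a relying party's strict decoder, would want to check.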