Re: [pkix] New Version Notification for draft-wallace-est-alt-challenge-00.txt

"Max Pritikin (pritikin)" <pritikin@cisco.com> Thu, 01 October 2015 03:08 UTC

Return-Path: <pritikin@cisco.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21F9B1A0119 for <pkix@ietfa.amsl.com>; Wed, 30 Sep 2015 20:08:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FZhoxigbHR4t for <pkix@ietfa.amsl.com>; Wed, 30 Sep 2015 20:08:02 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F1651A010C for <pkix@ietf.org>; Wed, 30 Sep 2015 20:08:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4000; q=dns/txt; s=iport; t=1443668882; x=1444878482; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=W7JtNH4TPfZugPeLKlTFqEubmXM+ikGZug7K/KoiLnI=; b=GkOu3/RTnBqvQANhJgkq3RBEQuIU3maIdH9KuSyA+aMQws946lUuuur9 ZDM2mubwmGofChKUn3dfz5HNq2anQrbGG8Rds6oim6rzVcPeRvRg4uZJ3 r8wxVE/n0/rCAbUXJHYfEQy8NOd9vHOToaVNphhgXfMISvXxrm1F4d5Fu M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAgDlogxW/4wNJK1VCYMnVG0GvWsBDYFxDIV3AoE+OBQBAQEBAQEBgQqEJAEBAQMBAQEBawkCBQsCAQgYGBYnCyUCBA4FiCYIDctjAQEBAQEBAQEBAQEBAQEBAQEBAQEBF4kCgm6EMSkzBxmCf4EUBY0DiHUBhRWHfYFPRoNwlUoBHwEBQoIRHYFUcQGIdIEFAQEB
X-IronPort-AV: E=Sophos;i="5.17,615,1437436800"; d="scan'208";a="193213354"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-5.cisco.com with ESMTP; 01 Oct 2015 03:08:01 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id t913814B026760 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 1 Oct 2015 03:08:01 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 30 Sep 2015 22:08:00 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1104.000; Wed, 30 Sep 2015 22:08:00 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Sean Turner <sean@sn3rd.com>
Thread-Topic: [pkix] New Version Notification for draft-wallace-est-alt-challenge-00.txt
Thread-Index: AQHQ++9VCspeK4dhjkyNzUy+E2WRqZ5WSLQA
Date: Thu, 1 Oct 2015 03:08:00 +0000
Message-ID: <2792C6B1-FF3B-4536-BFA4-49FD18DFE11E@cisco.com>
References: <20150803183532.30514.2647.idtracker@ietfa.amsl.com> <D1E61A8A.3B3AA%carl@redhoundsoftware.com> <560BBDAE.9070606@cs.tcd.ie> <82D82A48-424A-4080-9538-84A2375DAA10@sn3rd.com>
In-Reply-To: <82D82A48-424A-4080-9538-84A2375DAA10@sn3rd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.8]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <792D8B95EA756743962D75E410A24BFC@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/V6bUHWZ2TgEO0pgN5CQC2qp2XyQ>
Cc: IETF PKIX <pkix@ietf.org>
Subject: Re: [pkix] New Version Notification for draft-wallace-est-alt-challenge-00.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2015 03:08:04 -0000

> On Sep 30, 2015, at 8:16 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> Short to the point - seems like a fine candidate to AD sponsor.  Only one question/comment: 
> 
> Don't you need to say which of the DirectoryString choices you’ve got to support.  In other words, don’t you need to include something along the following lines (similar to what’s in RFC 2985):
> 
>   These attribute values generated in accordance this document
>   SHOULD use the PrintableString encoding whenever possible.
>   If internationalization issues make this impossible, the UTF8String
>   alternative SHOULD be used.  Attribute processing systems MUST
>   be able to recognize and process all string types in DirectoryString
>   values.
> 
> Note I’m not suggesting the above is correct just that it’s similar to what’s in RFC 2985.

RFC7030 states that "the resulting string is placed in the certification request challenge-password field ([RFC2985], Section 5.4.1)” which includes a copy of this paragraph (with very slight variations). 

I see no problem either repeating this text or making the reference to RFC2985 more explicit.

- max

> 
> spt
> 
> On Sep 30, 2015, at 06:47, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>> 
>> Folks,
>> 
>> Carl and Max have asked me to AD sponsor this draft. Since it
>> seems like it's almost a bug fix, I'll probably go ahead and
>> do that if there are no significant objections here in the next
>> couple of weeks (say by Oct 15).
>> 
>> So if you care about EST, please take a look (it's only 8 pages)
>> and say what you think.
>> 
>> Thanks,
>> Stephen.
>> 
>> On 04/08/15 12:34, Carl Wallace wrote:
>>> The draft referenced below may be of interest to some on this list. It
>>> defines some new OIDs to disambiguate existing EST challengePassword
>>> attribute usage from PKCS #9/legacy usage and defines a new OID to convey
>>> a one-time password as an additional value or alternative to the
>>> tls-unique mechanism defined in EST.
>>> 
>>> On 8/3/15, 2:35 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
>>> wrote:
>>> 
>>>> 
>>>> A new version of I-D, draft-wallace-est-alt-challenge-00.txt
>>>> has been successfully submitted by Carl Wallace and posted to the
>>>> IETF repository.
>>>> 
>>>> Name:		draft-wallace-est-alt-challenge
>>>> Revision:	00
>>>> Title:		Alternative Challenge Password Attributes for Enrollment over
>>>> Secure Transport
>>>> Document date:	2015-08-03
>>>> Group:		Individual Submission
>>>> Pages:		9
>>>> URL:            
>>>> https://www.ietf.org/internet-drafts/draft-wallace-est-alt-challenge-00.tx
>>>> t
>>>> Status:         
>>>> https://datatracker.ietf.org/doc/draft-wallace-est-alt-challenge/
>>>> Htmlized:       
>>>> https://tools.ietf.org/html/draft-wallace-est-alt-challenge-00
>>>> 
>>>> 
>>>> Abstract:
>>>> This document defines a set of new Certificate Signing Request
>>>> attributes for use with the Enrollment over Secure Transport (EST)
>>>> protocol.  These attributes provide disambiguation of the existing
>>>> overloaded uses for the PKCS #9 challengePassword attribute.  Uses
>>>> include the original certificate revocation password, common
>>>> authentication password uses, and EST defined linking of transport
>>>> security identity.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>> 
>>>> The IETF Secretariat
>>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> _______________________________________________
>> pkix mailing list
>> pkix@ietf.org
>> https://www.ietf.org/mailman/listinfo/pkix
> 
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix