Re: [pkix] [Technical Errata Reported] RFC7030 (5904)
Sean Turner <sean@sn3rd.com> Mon, 27 April 2020 01:30 UTC
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20200330145229.GW50174@kduck.mit.edu>
Date: Sun, 26 Apr 2020 21:30:04 -0400
Cc: LAMPS WG <spasm@ietf.org>, justin.cranford@entrustdatacard.com, pkix@ietf.org, Dan Harkins <dharkins@lounge.org>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/W3m8z_thhSABI4ylg3OLDVqA1Aw>

So there was this errata filed way back in 2013 when EST Extensions (RFC 8295) was working its way through the IESG, i.e., this addressed a directorate review and a discuss held by Alexey:

https://www.rfc-editor.org/errata/eid5107

Does errata 5107 not address the same issue?

spt

> On Mar 30, 2020, at 10:52, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> Forwarding to the LAMPS WG list since the original seems to have not made
> it into the PKIX archives.
>
> -Ben
>
> On Tue, Nov 12, 2019 at 12:48:40PM -0800, RFC Errata System wrote:
>> The following errata report has been submitted for RFC7030,
>> "Enrollment over Secure Transport".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid5904
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Justin Cranford <justin.cranford@entrustdatacard.com>
>>
>> Section: 4.1.3
>>
>> Original Text
>> -------------
>> Content-Transfer-Encoding: base64
>>
>> Corrected Text
>> --------------
>> Transfer-Encoding: base64
>>
>> Notes
>> -----
>> Content-Transfer-Encoding is not a valid HTTP header. RFC 7030 is not compliant with RFC 2616.
>>
>> - "MIME Content-Transfer-Encoding: base64" => Base64 Basic with CRLFs
>> - "HTTP Transfer-Encoding: base64" => Base64 Basic without CRLFs
>>
>> This is traceable from RFC 7030 (EST) through RFC 2818 (TLS) to RFC 2616 (HTTP).
>>
>> - RFC 7030 (EST): EST specifies how to transfer messages securely via HTTP over TLS (HTTPS) [RFC2818]
>> - RFC 2818 (TLS): HTTP [RFC2616] was originally used in the clear on the Internet.
>> - RFC 2616 (HTTP): HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC 2045.
>> - RFC 2616 (HTTP): HTTP/1.1 introduces the Transfer-Encoding header field (section 14.41).
>>
>> RFC 7030 sections affected are:
>>
>> - All references to Content-Transfer-Encoding are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, A.1, A.2, A.3, and A.4.
>> - All references to RFC 2045 are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>> - All references to "base64" need to be updated or removed: Sections 3.5, 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>>
>> RFC 7030 fix options:
>>
>> Option #1: Change all references from Content-Transfer-Encoding to Transfer-Encoding. A caveat is that "base64" has a different meaning in HTTP (no CRLFs) vs MIME (includes CRLFs).
>>
>> Option #2: Remove all references to Content-Transfer-Encoding and base64. Responses would be transmitted as binary. This allows the response to be transported more efficiently without base64 size bloat, and it allows optional use of Content-Length header so the response can be parsed more efficiently knowing the length ahead of time.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC7030 (draft-ietf-pkix-est-09)
>> --------------------------------------
>> Title : Enrollment over Secure Transport
>> Publication Date : October 2013
>> Author(s) : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
>> Category : PROPOSED STANDARD
>> Source : Public-Key Infrastructure (X.509)
>> Area : Security
>> Stream : IETF
>> Verifying Party : IESG
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
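
As an added example (not part of the original message, the erratum, or RFC 7030), here is one way an EST client could decode a response body so that it accepts all three forms discussed in the erratum: base64 with CRLF line breaks, base64 without line breaks, and unencoded binary. The helper names `decode_est_body` and `_labels_base64` are hypothetical, and the sample payload is constructed for illustration.

```python
import base64
import binascii

def _labels_base64(headers):
    """True if either header discussed in the erratum names base64."""
    for name, value in headers.items():
        if name.lower() in ("content-transfer-encoding", "transfer-encoding"):
            tokens = [t.strip().lower() for t in value.split(",")]
            if "base64" in tokens:
                return True
    return False

def decode_est_body(headers, body):
    """Return the raw bytes carried in an EST response body.

    headers: mapping of header name to value; body: bytes as received.
    decode_est_body is a hypothetical helper, not an API of any library.
    """
    if not _labels_base64(headers):
        # Erratum option #2: no base64 label, so the body is already binary.
        return body
    # Remove CR, LF and other ASCII whitespace so that MIME-style wrapped
    # base64 and unwrapped base64 reduce to the same string.
    compact = b"".join(body.split())
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        return base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("body is labelled base64 but does not decode") from exc

# Constructed sample data (not a real certificate or PKCS#7 structure).
PAYLOAD = bytes(range(256))
MIME_STYLE = base64.encodebytes(PAYLOAD).replace(b"\n", b"\r\n")  # CRLF-wrapped
UNWRAPPED = base64.b64encode(PAYLOAD)                              # single line

if __name__ == "__main__":
    cte = {"Content-Transfer-Encoding": "base64"}
    te = {"Transfer-Encoding": "base64"}
    print(decode_est_body(cte, MIME_STYLE) == PAYLOAD)
    print(decode_est_body(te, UNWRAPPED) == PAYLOAD)
    print(decode_est_body({}, PAYLOAD) == PAYLOAD)
```

Stripping whitespace before a strict decode lets the receiver interoperate with senders on either side of the erratum while still rejecting bodies that are labelled base64 but contain other bytes.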