Re: [pkix] [Technical Errata Reported] RFC7030 (5904)

Sean Turner <sean@sn3rd.com> Mon, 27 April 2020 01:30 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Sun, 26 Apr 2020 21:30:04 -0400
Cc: LAMPS WG <spasm@ietf.org>, justin.cranford@entrustdatacard.com, pkix@ietf.org, Dan Harkins <dharkins@lounge.org>
To: Benjamin Kaduk <kaduk@mit.edu>

So there was this erratum filed way back in 2013 when EST Extensions (RFC 8295) was working its way through the IESG, i.e., this addressed a directorate review and a discuss held by Alexey:
https://www.rfc-editor.org/errata/eid5107
Does erratum 5107 not address the same issue?

spt

> On Mar 30, 2020, at 10:52, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> Forwarding to the LAMPS WG list since the original seems to have not made
> it into the PKIX archives.
> 
> -Ben
> 
> On Tue, Nov 12, 2019 at 12:48:40PM -0800, RFC Errata System wrote:
>> The following errata report has been submitted for RFC7030,
>> "Enrollment over Secure Transport".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid5904
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Justin Cranford <justin.cranford@entrustdatacard.com>
>> 
>> Section: 4.1.3
>> 
>> Original Text
>> -------------
>> Content-Transfer-Encoding: base64
>> 
>> Corrected Text
>> --------------
>> Transfer-Encoding: base64
>> 
>> Notes
>> -----
>> Content-Transfer-Encoding is not a valid HTTP header. RFC 7030 is not compliant with RFC 2616.
>> 
>> - "MIME Content-Transfer-Encoding: base64" => Base64 Basic with CRLFs
>> - "HTTP Transfer-Encoding: base64" => Base64 Basic without CRLFs
>> 
>> This is traceable from RFC 7030 (EST) through RFC 2818 (TLS) to RFC 2616 (HTTP).
>> 
>> - RFC 7030 (EST): EST specifies how to transfer messages securely via HTTP over TLS (HTTPS) [RFC2818]
>> - RFC 2818 (TLS): HTTP [RFC2616] was originally used in the clear on the Internet.
>> - RFC 2616 (HTTP): HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC 2045.
>> - RFC 2616 (HTTP): HTTP/1.1 introduces the Transfer-Encoding header field (section 14.41).
>> 
>> RFC 7030 sections affected are:
>> 
>> - All references to Content-Transfer-Encoding are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, A.1, A.2, A.3, and A.4.
>> - All references to RFC 2045 are not valid: Sections 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>> - All references to "base64" need to be updated or removed: Sections 3.5, 4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, and 7.1.
>> 
>> RFC 7030 fix options:
>> 
>> Option #1: Change all references from Content-Transfer-Encoding to Transfer-Encoding. A caveat is that "base64" has a different meaning in HTTP (no CRLFs) vs MIME (includes CRLFs).
>> 
>> Option #2: Remove all references to Content-Transfer-Encoding and base64. Responses would be transmitted as binary. This allows the response to be transported more efficiently without base64 size bloat, and it allows optional use of Content-Length header so the response can be parsed more efficiently knowing the length ahead of time.
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>> 
>> --------------------------------------
>> RFC7030 (draft-ietf-pkix-est-09)
>> --------------------------------------
>> Title               : Enrollment over Secure Transport
>> Publication Date    : October 2013
>> Author(s)           : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
>> Category            : PROPOSED STANDARD
>> Source              : Public-Key Infrastructure (X.509)
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
> 
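The erratum turns on the two base64 forms it contrasts (MIME base64 with CRLF line breaks every 76 characters versus unwrapped base64) and on the two fix options (a relabelled header versus a binary body). The following is an added illustration, not code from the thread or from any EST implementation: a client-side body handler that accepts all three shapes of an EST response and refuses anything that is not well-formed base64, so stray bytes never reach the DER parser. The function names, the header handling and the sample bytes are constructed for this example.

```python
"""Decoding EST (RFC 7030) response bodies across the forms the erratum contrasts."""
import base64
import re

# Constructed sample standing in for a DER-encoded CMS blob (120 bytes ->
# 160 base64 characters, so MIME wrapping yields lines of 76, 76 and 8).
SAMPLE_DER = bytes(range(120))


def mime_base64(data: bytes) -> bytes:
    """RFC 2045 style base64: CRLF after every 76 characters."""
    raw = base64.b64encode(data)
    lines = [raw[i:i + 76] for i in range(0, len(raw), 76)]
    return b"\r\n".join(lines) + b"\r\n"


def http_base64(data: bytes) -> bytes:
    """Unwrapped base64, the form the erratum associates with HTTP."""
    return base64.b64encode(data)


# Base64 alphabet only, with padding allowed solely at the end.
_ALLOWED = re.compile(rb"^[A-Za-z0-9+/]*={0,2}$")


def decode_est_body(body: bytes) -> bytes:
    """Decode a base64 body whether or not it carries MIME line breaks.

    Line breaks are removed first (MIME base64 contains them, unwrapped
    base64 does not); what remains must be pure base64 with exact padding,
    and b64decode runs in validate mode so nothing else is silently skipped.
    """
    compact = body.replace(b"\r\n", b"").replace(b"\n", b"")
    if not _ALLOWED.match(compact) or len(compact) % 4 != 0:
        raise ValueError("body is not well-formed base64")
    return base64.b64decode(compact, validate=True)


def extract_cms(headers: dict, body: bytes) -> bytes:
    """Return the raw DER bytes of an EST response.

    Handles RFC 7030's 'Content-Transfer-Encoding: base64', the erratum's
    Option #1 ('Transfer-Encoding: base64') and Option #2 (binary body, no
    encoding header). HTTP header names are case-insensitive.
    """
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if "base64" in (h.get("content-transfer-encoding"), h.get("transfer-encoding")):
        return decode_est_body(body)
    return body
```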