Re: [pkix] [Technical Errata Reported] RFC3029 (6444)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 02 March 2021 03:07 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Russ Housley <housley@vigilsec.com>, Carlisle Adams <cadams@uottawa.ca>
CC: "Roman D. Danyliw" <rdd@cert.org>, Stefan Santesson <stefan@aaa-sec.com>, Ben Kaduk <kaduk@mit.edu>, IETF PKIX <pkix@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/evsxyWEWABEP45zmbNq0X3hyU8o>

Russ Housley <housley@vigilsec.com> writes:

>That said, if there is no interest in implementation, I do not want to work
>too hard on this...

Maybe it should be a requirement that when the IETF publishes a spec no-one
cares about there be a few deliberate errors (copiers' traps) put in there so
that, on the off chance someone does try and implement it, we hear about it...

I've actually got that in my code for some of the more obscure PKIX features.
In 25+ years no-one has ever reported anything, which is why they've been
disabled by default (apart from the error you get if you try and use them) for
years for attack surface reduction purposes.

Peter.