Re: [pkix] [Technical Errata Reported] RFC7030 (5107)

Sean Turner <sean@sn3rd.com> Thu, 07 September 2017 20:39 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 341D1132397 for <pkix@ietfa.amsl.com>; Thu, 7 Sep 2017 13:39:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbNE5AiuRuuG for <pkix@ietfa.amsl.com>; Thu, 7 Sep 2017 13:39:54 -0700 (PDT)
Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C88D126B7E for <pkix@ietf.org>; Thu, 7 Sep 2017 13:39:54 -0700 (PDT)
Received: by mail-qt0-x22b.google.com with SMTP id s18so316017qta.3 for <pkix@ietf.org>; Thu, 07 Sep 2017 13:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mDaOB/xT6JBy+mBEk40SBaMjMq4bUi9mljOmKFh9wZs=; b=YpIyppdJf8cCTVdjxjTNPluCpxeV0iVOriRGaw4Lo98Eaz6ib7mOJYzFggp0ob63J9 5BhrISdT2agvmIRr8rM4rp/fQVe35k+ys/gqyhpW9SzaGn8r53fzm/QrrRPekW4SWkHl Lx82l+NekkoYI/uUjsRAhd2MwO19H3erk5zfI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mDaOB/xT6JBy+mBEk40SBaMjMq4bUi9mljOmKFh9wZs=; b=YMM4NdnMe0YC8K30lFwGgeVgZQMz0J8cDPE+5apjizXWOecIt8jnGNMTtxwneh4cQa Sw1+n6/c0QSawEXKONv1UNS8U93dLne42RqG9eedR12IkPuJMoDryLuWCAOkluVvpP22 fVUqxDt9HHumllOyljsf3JFKD4xxsKzglH5A98soTssRiFp8d9NgKEH6Gc9kQ8EcAKns Pb+9A3LaVQpQil6sLarEIlm7w/MR9vYctex4Jru+Kwj5WCTMY6MyUm1b5IOksctt1AEg uCmAIjLIi2/wGU791zOAuxC3Zf7URwrhTT1xNuCS0CfYEbj22k9mgHZ71YsQiJJOXt5j 1uMA==
X-Gm-Message-State: AHPjjUiCJxNNjZEoqfOx9uYkiJ4J5QB7rkdhYm2RRhGZkQ4TQGMuTBT1 94vnqXzf9LIB2zWVb2pdMQ==
X-Google-Smtp-Source: AOwi7QCAHnLjBkcfqN2V964WQbzP1YjH4mQR9qLVtEMc1dOgbv2XObtZq1JyjdgLyLKRp4lfJ8nymw==
X-Received: by 10.200.25.78 with SMTP id g14mr936083qtk.48.1504816793212; Thu, 07 Sep 2017 13:39:53 -0700 (PDT)
Received: from [172.16.0.18] ([96.231.223.191]) by smtp.gmail.com with ESMTPSA id s43sm162197qta.31.2017.09.07.13.39.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Sep 2017 13:39:51 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20170907201629.87349B81779@rfc-editor.org>
Date: Thu, 7 Sep 2017 16:39:50 -0400
Cc: Max Pritikin <pritikin@cisco.com>, Peter Yee <peter@akayla.com>, Daniel Harkins <dharkins@arubanetworks.com>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Stephen Kent <kent@alum.mit.edu>, Stefan Santesson <stefan@aaa-sec.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CF737FEB-BF88-4B52-87C7-297261E67447@sn3rd.com>
References: <20170907201629.87349B81779@rfc-editor.org>
To: PKIX <pkix@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/l9-oc_1sFcAmomQ37SqJsA-JO5s>
Subject: Re: [pkix] [Technical Errata Reported] RFC7030 (5107)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 20:39:56 -0000

Note that this issue was discovered during IESG review of draft-turner-est-extensions.  Alexey, Panos, Dan, Max, and myself worked on the wording.  I’m hoping it can stew for a couple of days and then be marked as accepted.

spt

> On Sep 7, 2017, at 16:16, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC7030,
> "Enrollment over Secure Transport".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata/eid5107
> 
> --------------------------------------
> Type: Technical
> Reported by: Sean Turner <sean@sn3rd.com>
> 
> Section: 3.2.1
> 
> Original Text
> -------------
> 
> 
> Corrected Text
> --------------
> Add the following is as the last paragraph of Section 3.2.1:
> 
>  [RFC2616] indicates "HTTP does not use the
>  Content-Transfer-Encoding (CTE) field of RFC 2045”; nevertheless, this
>  document was published specifying the use of the
>  Content-Transfer-Encoding header with a value of ‘base64' in Sections
>  4.1.3, 4.3.1, 4.3.2, 4.4.2, 4.5.2, as well as in the examples in
>  Appendices A.1-A.4.   As HTTP is binary-clean transport, there is no
>  need to indicate this for HTTP-based protocols like EST.  EST server
>  implementations SHOULD omit the Content-Transfer-Encoding header if
>  they know a priori that EST clients do not rely this field.  EST
>  Clients SHOULD expect that the Content-Transfer-Encoding header will
>  be absent unless they have an a priori agreement with the EST server.
>  The mechanism to establish this client dependency is out-of-scope.
> 
> Notes
> -----
> EST, which is an HTTP-based protocol, erroneous used CTE.  This errata addresses this error.
> 
> Note that the text was reviewed by a RAI AD as well as multiple EST implementors.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC7030 (draft-ietf-pkix-est-09)
> --------------------------------------
> Title               : Enrollment over Secure Transport
> Publication Date    : October 2013
> Author(s)           : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
> Category            : PROPOSED STANDARD
> Source              : Public-Key Infrastructure (X.509)
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG