IETF Logo Mail Archive

Re: [saag] Status of the SCEP RFC draft

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 12 December 2017 03:43 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9157A1293E3 for <saag@ietfa.amsl.com>; Mon, 11 Dec 2017 19:43:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WHdKY16iUepL for <saag@ietfa.amsl.com>; Mon, 11 Dec 2017 19:43:11 -0800 (PST)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 348D31293DB for <saag@ietf.org>; Mon, 11 Dec 2017 19:43:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1513050191; x=1544586191; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=M0c+aJBRwzYd1Pca/2ys+3Ha8TVicgSaDvkE1FUc1pQ=; b=j3jLvE8gz2rjKxC5xsci3ZCJ/o1ZufssEf1ffJU7GbiYnmgKBuikKuKv wM9WiWHqMLy0AK/06L7EQf6rAUmigllMsDLia73OT2XVkcnS8DGH68CvO QcumYKp2ldguzSyfHNVgRUMQFRVMeYSH4su6VNwno3oQ9edsaynIZAtaf 7v8Qpg9joK64I5wrWPGq8zaGEM/qY83weV+EcQ2AGBnfwDtjvJd+df/WX Pv6N9uZU/CsJsez8tE8vqrbn5+1KA2vUw+gMTc+Sbul+9qZk1WIc4f7Rj ovtALHoq3xcdAh5BlZzdHVXHD6fRY5VyENNBiPZTHriInCGzHHAwhQp9C w==;
X-IronPort-AV: E=Sophos;i="5.45,393,1508756400"; d="scan'208";a="203029298"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.5 - Outgoing - Outgoing
Received: from uxcn13-ogg-d.uoa.auckland.ac.nz ([10.6.2.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 12 Dec 2017 16:43:08 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 12 Dec 2017 16:43:08 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Tue, 12 Dec 2017 16:43:08 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Sean Turner <sean@sn3rd.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Status of the SCEP RFC draft
Thread-Index: AQHTbw4UUnneaIh1UU6hdrWtX9hT6aM52C8AgABMNQCAAEU+gIAAA2GAgAGSL4CAAU7l1YAAWooAgAASSgCAABRIgIAAGIGAgAA3hQCAAPfrwQ==
Date: Tue, 12 Dec 2017 03:43:07 +0000
Message-ID: <1513050187576.97593@cs.auckland.ac.nz>
References: <1512618517258.43968@cs.auckland.ac.nz> <0150f450-6dba-87c2-b333-e96b6c028adb@lounge.org> <D651441C.A9C96%carl@redhoundsoftware.com> <6f26b6bd-fab8-9961-2fc1-5969c573b3c2@lounge.org> <D65185CE.A9CFC%carl@redhoundsoftware.com> <dfd43b28-d78f-ef04-521c-a249871b692c@openca.org> <1512952085878.6345@cs.auckland.ac.nz> <d42dc5dc-aad6-cc97-e784-b3b1cb9b8f97@openca.org> <6399716C-BD6C-49A0-A346-9AC431241B51@akamai.com> <840AAD22-8A8A-4482-AEF6-B695B5B2E8A7@icloud.com> <91B7C40D-1801-4899-B4E9-09976D2C029D@akamai.com>, <30C85592-D5CE-4A32-A6A1-CA22AEEB86A2@sn3rd.com>
In-Reply-To: <30C85592-D5CE-4A32-A6A1-CA22AEEB86A2@sn3rd.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/esgeEaOn33Kwh7vn7kewxW0wYcU>
Subject: Re: [saag] Status of the SCEP RFC draft
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 03:43:14 -0000

Sean Turner <sean@sn3rd.com> writes:

>The thing though is that the specification, at least, has had quite a 
>number of changes since then

The bits-on-the-wire is still identical, the reason so much of the text has
changed is because the document grew by accretion and the rewrite was an
attempt to... well, as the appendix says:

   This specification has spent more than seventeen years in the draft
   stage.  [...]  To fit this role, extra features were bolted on in a
   haphazard manner through the addition of a growing list of appendices
   and by inserting additional, often conflicting, paragraphs in various
   locations in the body text.  Since existing features were never
   updated as newer ones were added, the specification accumulated large
   amounts of historical baggage over time. 

   [More text that basically says "this update cleans things up"]
   
So it's the same on-the-wire protocol, just with the text describing it 
cleaned up.

>Note that I believe all of RSA's PKCS specifications published through the 
>IETF stream were informational.

Ah, fair enough.  As I mentioned previously, I can live with Informational
if that's what the rules say.

>And that brings up another point that I think needs to be made clear.  
>Often, RSA has explicitly granted change control to the IETF.  Because SCEP 
>started out as "Cisco Systems' Simple Certificate Enrollment Protocol” and 
>was that way up until draft-nourse-scep-22 is Cisco doing the same here?

When I revived the draft, I posted messages to everywhere I could think of
that had SCEP people (the old SCEP mailing list, the JSCEP list, and there
was something done at an IETF) and asked if anyone had any objections if I 
continued with the work.  It was pretty informal.

(There was discussion about it with the original authors who could still be
contacted, but it was all in private email, if any of the original authors
want to speak out publicly, feel free).

>I gotta ask about the dropped pre-5378 boiler plate.  Was approval obtained 
>from each of the previous authors: Xiaoyi Liu, Cheryl Madson, David McGrew, 
>Andrew Nourse, Jan Vilhuber, and Max Pritikin?  It’s annoying process 
>mumbo-jumbo but because I couldn’t get an answer from everybody the pre-5378 
>boiler plate had to be included in the SSL RFC: 
>https://datatracker.ietf.org/doc/rfc6101/.

Some of the authors can't be contacted any more (some of the removal requests 
I mentioned in a previous message were things like "X left the company Y 
years ago, please remove their name"), so in general, "no".  However given 
that 5378 dates from the time of draft-nourse-scep-xx, wouldn't it already 
fall under 5378?

Just as an FYI, there wasn't any explicit move from boilerplate-X to 
boilerplate-Y, the draft just contains whatever xml2rfc puts in there by
default.  I really don't mind what boilerplate it comes with, as long as 
it's not too much of a headache to deal with via xml2rfc, which from memory
dings you for the use of outdated boilerplate.

Peter.

v2.23.0 | Report a Bug | By Email