Re: [saag] Status of the SCEP RFC draft
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 12 December 2017 03:43 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9157A1293E3 for <saag@ietfa.amsl.com>; Mon, 11 Dec 2017 19:43:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WHdKY16iUepL for <saag@ietfa.amsl.com>; Mon, 11 Dec 2017 19:43:11 -0800 (PST)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 348D31293DB for <saag@ietf.org>; Mon, 11 Dec 2017 19:43:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1513050191; x=1544586191; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=M0c+aJBRwzYd1Pca/2ys+3Ha8TVicgSaDvkE1FUc1pQ=; b=j3jLvE8gz2rjKxC5xsci3ZCJ/o1ZufssEf1ffJU7GbiYnmgKBuikKuKv wM9WiWHqMLy0AK/06L7EQf6rAUmigllMsDLia73OT2XVkcnS8DGH68CvO QcumYKp2ldguzSyfHNVgRUMQFRVMeYSH4su6VNwno3oQ9edsaynIZAtaf 7v8Qpg9joK64I5wrWPGq8zaGEM/qY83weV+EcQ2AGBnfwDtjvJd+df/WX Pv6N9uZU/CsJsez8tE8vqrbn5+1KA2vUw+gMTc+Sbul+9qZk1WIc4f7Rj ovtALHoq3xcdAh5BlZzdHVXHD6fRY5VyENNBiPZTHriInCGzHHAwhQp9C w==;
X-IronPort-AV: E=Sophos;i="5.45,393,1508756400"; d="scan'208";a="203029298"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.5 - Outgoing - Outgoing
Received: from uxcn13-ogg-d.uoa.auckland.ac.nz ([10.6.2.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 12 Dec 2017 16:43:08 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 12 Dec 2017 16:43:08 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Tue, 12 Dec 2017 16:43:08 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Sean Turner <sean@sn3rd.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Status of the SCEP RFC draft
Thread-Index: AQHTbw4UUnneaIh1UU6hdrWtX9hT6aM52C8AgABMNQCAAEU+gIAAA2GAgAGSL4CAAU7l1YAAWooAgAASSgCAABRIgIAAGIGAgAA3hQCAAPfrwQ==
Date: Tue, 12 Dec 2017 03:43:07 +0000
Message-ID: <1513050187576.97593@cs.auckland.ac.nz>
References: <1512618517258.43968@cs.auckland.ac.nz> <0150f450-6dba-87c2-b333-e96b6c028adb@lounge.org> <D651441C.A9C96%carl@redhoundsoftware.com> <6f26b6bd-fab8-9961-2fc1-5969c573b3c2@lounge.org> <D65185CE.A9CFC%carl@redhoundsoftware.com> <dfd43b28-d78f-ef04-521c-a249871b692c@openca.org> <1512952085878.6345@cs.auckland.ac.nz> <d42dc5dc-aad6-cc97-e784-b3b1cb9b8f97@openca.org> <6399716C-BD6C-49A0-A346-9AC431241B51@akamai.com> <840AAD22-8A8A-4482-AEF6-B695B5B2E8A7@icloud.com> <91B7C40D-1801-4899-B4E9-09976D2C029D@akamai.com>, <30C85592-D5CE-4A32-A6A1-CA22AEEB86A2@sn3rd.com>
In-Reply-To: <30C85592-D5CE-4A32-A6A1-CA22AEEB86A2@sn3rd.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/esgeEaOn33Kwh7vn7kewxW0wYcU>
Subject: Re: [saag] Status of the SCEP RFC draft
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 03:43:14 -0000
Sean Turner <sean@sn3rd.com> writes: >The thing though is that the specification, at least, has had quite a >number of changes since then The bits-on-the-wire is still identical, the reason so much of the text has changed is because the document grew by accretion and the rewrite was an attempt to... well, as the appendix says: This specification has spent more than seventeen years in the draft stage. [...] To fit this role, extra features were bolted on in a haphazard manner through the addition of a growing list of appendices and by inserting additional, often conflicting, paragraphs in various locations in the body text. Since existing features were never updated as newer ones were added, the specification accumulated large amounts of historical baggage over time. [More text that basically says "this update cleans things up"] So it's the same on-the-wire protocol, just with the text describing it cleaned up. >Note that I believe all of RSA's PKCS specifications published through the >IETF stream were informational. Ah, fair enough. As I mentioned previously, I can live with Informational if that's what the rules say. >And that brings up another point that I think needs to be made clear. >Often, RSA has explicitly granted change control to the IETF. Because SCEP >started out as "Cisco Systems' Simple Certificate Enrollment Protocol” and >was that way up until draft-nourse-scep-22 is Cisco doing the same here? When I revived the draft, I posted messages to everywhere I could think of that had SCEP people (the old SCEP mailing list, the JSCEP list, and there was something done at an IETF) and asked if anyone had any objections if I continued with the work. It was pretty informal. (There was discussion about it with the original authors who could still be contacted, but it was all in private email, if any of the original authors want to speak out publicly, feel free). >I gotta ask about the dropped pre-5378 boiler plate. Was approval obtained >from each of the previous authors: Xiaoyi Liu, Cheryl Madson, David McGrew, >Andrew Nourse, Jan Vilhuber, and Max Pritikin? It’s annoying process >mumbo-jumbo but because I couldn’t get an answer from everybody the pre-5378 >boiler plate had to be included in the SSL RFC: >https://datatracker.ietf.org/doc/rfc6101/. Some of the authors can't be contacted any more (some of the removal requests I mentioned in a previous message were things like "X left the company Y years ago, please remove their name"), so in general, "no". However given that 5378 dates from the time of draft-nourse-scep-xx, wouldn't it already fall under 5378? Just as an FYI, there wasn't any explicit move from boilerplate-X to boilerplate-Y, the draft just contains whatever xml2rfc puts in there by default. I really don't mind what boilerplate it comes with, as long as it's not too much of a headache to deal with via xml2rfc, which from memory dings you for the use of outdated boilerplate. Peter.
- [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Tim Hollebeek
- Re: [saag] Status of the SCEP RFC draft Carl Wallace
- Re: [saag] Status of the SCEP RFC draft Paul Hoffman
- Re: [saag] Status of the SCEP RFC draft Stephen Farrell
- Re: [saag] Status of the SCEP RFC draft Max Pritikin (pritikin)
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Kathleen Moriarty
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Dan Harkins
- Re: [saag] Status of the SCEP RFC draft Carl Wallace
- Re: [saag] Status of the SCEP RFC draft Henry B (Hank) Hotz, CISSP
- Re: [saag] Status of the SCEP RFC draft Dan Harkins
- Re: [saag] Status of the SCEP RFC draft Carl Wallace
- Re: [saag] Status of the SCEP RFC draft Dr. Pala
- Re: [saag] Status of the SCEP RFC draft Michael Richardson
- Re: [saag] Status of the SCEP RFC draft Salz, Rich
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Stephen Farrell
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Panos Kampanakis (pkampana)
- Re: [saag] Status of the SCEP RFC draft Viktor Dukhovni
- Re: [saag] Status of the SCEP RFC draft Dan Harkins
- Re: [saag] Status of the SCEP RFC draft Russ Housley
- Re: [saag] Status of the SCEP RFC draft Paul Hoffman
- Re: [saag] Status of the SCEP RFC draft Dr. Pala
- Re: [saag] Status of the SCEP RFC draft Salz, Rich
- Re: [saag] Status of the SCEP RFC draft Jon Callas
- Re: [saag] Status of the SCEP RFC draft Salz, Rich
- Re: [saag] Status of the SCEP RFC draft Sean Turner
- [saag] Certificate provisioning protocols Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Jon Callas
- Re: [saag] Status of the SCEP RFC draft Sean Turner
- Re: [saag] Status of the SCEP RFC draft Ted Lemon
- Re: [saag] Status of the SCEP RFC draft Carl Wallace
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Jim Schaad
- Re: [saag] Status of the SCEP RFC draft Sean Turner
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann
- Re: [saag] Status of the SCEP RFC draft Jim Schaad
- Re: [saag] Status of the SCEP RFC draft Peter Gutmann