Re: [secdir] Secdir review of draft-housley-ct-keypackage-receipt-n-error-05

Jeffrey Hutzelman <jhutz@cmu.edu> Mon, 02 December 2013 23:26 UTC

From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Russ Housley <housley@vigilsec.com>
Date: Mon, 02 Dec 2013 18:25:57 -0500
Cc: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-housley-ct-keypackage-receipt-n-error.all@tools.ietf.org, jhutz@cmu.edu

On Mon, 2013-12-02 at 17:14 -0500, Russ Housley wrote:

> > The document defines a long list of error codes with the comment “Expect additional error codes” without specifying a mechanism for additional error codes to be defined. It also says that there are no IANA considerations, but I would assume that IANA would operate the registry for things like the error codes listed here. If not IANA, where would the definitive registry be?
> 
> I do not think that an IANA registry is the way to go here.  An
> additional specification is needed to publish the ASN.1 module with the
> additional values.  The ASN.1 module in this specification includes:
> 
> 	         ... -- Expect additional error codes  -- }
> 
> so that receipt of a value in this list does not cause a decode error.
So, the key point here is that defining more error codes requires
publishing a new version of the module, which is basically a linear
progression -- each new version will necessarily incorporate all codes
defined in previous versions, and there is no opportunity to "plug in"
additional error codes in specifications that merely extend this one,
rather than revising it.

I think that's fine, provided there is a way to define and transmit
additional error codes for unanticipated uses, site or vendor use, and
so on.  In this case, that comes from the other branch of
ErrorCodeChoice, which allows any OID to be used as an error code.

-- Jeff
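The decoding behaviour discussed in this thread, as an added example that is not code from the draft or from either correspondent: a small pure-Python DER decoder for a CHOICE shaped like ErrorCodeChoice, with the ENUMERATED branch tolerating values beyond the "..." marker and the OID branch accepting any object identifier. The branch names, the code names and values in KNOWN_CODES, and the sample bytes are assumptions; only the extension marker and the any-OID branch come from the thread.

```python
# Added example, not code from the draft or the thread. It models the two
# branches of a CHOICE like ErrorCodeChoice: an ENUMERATED list of codes
# closed with the "..." extension marker, and an OBJECT IDENTIFIER branch.
# Code names and values below are assumptions, not the draft's list.

KNOWN_CODES = {1: "decodeFailure", 2: "badContentInfo"}  # assumed names/values

TAG_ENUMERATED = 0x0A   # universal tag for ENUMERATED
TAG_OID = 0x06          # universal tag for OBJECT IDENTIFIER


def _read_tlv(data: bytes):
    """Split one short-form DER TLV into (tag, contents)."""
    if len(data) < 2 or data[1] & 0x80 or len(data) != 2 + data[1]:
        raise ValueError("malformed or unsupported TLV")
    return data[0], data[2:]


def _decode_oid(contents: bytes) -> str:
    """Decode base-128 sub-identifiers into dotted form."""
    subids, acc, pending = [], 0, False
    for b in contents:
        acc, pending = (acc << 7) | (b & 0x7F), bool(b & 0x80)
        if not pending:
            subids.append(acc)
            acc = 0
    if pending or not subids:
        raise ValueError("truncated or empty OID")
    first = subids[0]            # the first two arcs share one sub-identifier
    arc1 = min(first // 40, 2)
    return ".".join(map(str, [arc1, first - 40 * arc1] + subids[1:]))


def decode_error_code(data: bytes, extensible: bool = True):
    """Decode an ErrorCodeChoice-shaped DER value.

    extensible=True mirrors the '...' marker in the module: an ENUMERATED value
    outside KNOWN_CODES is surfaced as an unknown extension, not a decode error.
    extensible=False shows what a module without the marker would do instead.
    """
    tag, contents = _read_tlv(data)
    if tag == TAG_ENUMERATED:
        n = int.from_bytes(contents, "big", signed=True)
        if n in KNOWN_CODES:
            return ("enum", KNOWN_CODES[n])
        if extensible:
            return ("enum-unknown", n)
        raise ValueError(f"ENUMERATED value {n} not in module")
    if tag == TAG_OID:
        return ("oid", _decode_oid(contents))   # any OID is a valid error code
    raise ValueError(f"tag 0x{tag:02x} is not a branch of ErrorCodeChoice")
```

Feeding the same unknown ENUMERATED value with `extensible=False` shows the decode failure that the "..." marker is there to avoid, while an OID such as a site-local arc decodes on the second branch without any module change.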