[secdir] Secdir early review of draft-ietf-lamps-rfc7030-csrattrs-08
Valery Smyslov via Datatracker <noreply@ietf.org> Wed, 03 April 2024 12:34 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1175FC151535; Wed, 3 Apr 2024 05:34:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Valery Smyslov via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-lamps-rfc7030-csrattrs.all@ietf.org, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171214769605.4394.3756625912941164021@ietfa.amsl.com>
Reply-To: Valery Smyslov <valery@smyslov.net>
Date: Wed, 03 Apr 2024 05:34:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8fbYyO79TM-Roq0mEIfa618OMQQ>
Subject: [secdir] Secdir early review of draft-ietf-lamps-rfc7030-csrattrs-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 12:34:56 -0000
Reviewer: Valery Smyslov Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft aims to update RFC 7030 (Enrollment over Secure Transport) to eliminate ambiguity that may arise when EST server wants the client to send particular attribute values in the certificate request. The draft states that the security considerations from RFC7030 are unchanged and I tend to agree. The new mechanism may also increase privacy of the client if the EST server specifies a new opaque identifier for IDevID (which is stated in the draft). Nits: 1. This draft updates RFC 7030, but this is not indicated in its header. 2. It seems to me that definition of id-aa-certificationRequestInfoTemplate in the Section 3.3 and in the Appendix A lacks the name of the new element in OID (only value "TBD2" is present). 3. Section 3.2, typo: s/MUST by/MUST be 4. Section 3.3, typo, perhaps: s/The avoid this drawback/To avoid this drawback 5. Section 3.3, possible typo: s/The SubjectPublicKeyInfo field must be present/The SubjectPublicKeyInfo field MUST be present
- [secdir] Secdir early review of draft-ietf-lamps-… Valery Smyslov via Datatracker
- Re: [secdir] Secdir early review of draft-ietf-la… Michael Richardson
- Re: [secdir] [lamps] Secdir early review of draft… Sean Turner