[secdir] Secdir review of draft-wallace-est-alt-challenge-05

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 17 March 2016 10:31 UTC

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-wallace-est-alt-challenge.all@ietf.org
Message-ID: <56EA875D.9050805@isode.com>
Date: Thu, 17 Mar 2016 10:30:53 +0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document defines the otpChallenge attribute for use when a
one-time password (OTP) value within the CSR is a requirement.  The
revocationChallenge attribute is defined to allow disambiguated usage
of the original challenge password attribute semantics for
certificate revocation.  The estIdentityLinking attribute is defined
to reference existing EST challenge password semantics with no
potential for confusion with legacy challenge password practices.
These attributes provide disambiguation of the existing
overloaded uses for the challengePassword attribute defined in PKCS
(Public-Key Cryptography Standards) #9 [RFC2985].
The Security Considerations section seems adequate.

I found one issue in the ASN.1 module in Appendix A, but it was fixed in 
the most recent version. So the document is ready for publication.