Re: [secdir] Secdir Review of draft-ietf-netconf-rfc5539bis-09

t.p. <daedulus@btconnect.com> Tue, 10 March 2015 14:18 UTC

Message-ID: <006c01d05b3c$c44eac40$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <tslioeagymn.fsf@mit.edu><000b01d05b2b$8d3ab2a0$4001a8c0@gateway.2wire.net> <tsltwxtauij.fsf@mit.edu>
Date: Tue, 10 Mar 2015 14:16:04 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/b5sg7BoQQu2_hYm7BzR21YgE_Ss>
Cc: iesg@ietf.org, draft-ietf-netconf-rfc5539bis.all@tools.ietf.org, Sam Hartman <hartmans-ietf@mit.edu>, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir Review of draft-ietf-netconf-rfc5539bis-09
List-Id: Security Area Directorate <secdir.ietf.org>

----- Original Message -----
From: "Sam Hartman" <hartmans-ietf@mit.edu>
To: "t.p." <daedulus@btconnect.com>
Cc: "Sam Hartman" <hartmans-ietf@mit.edu>; <ietf@ietf.org>; <secdir@ietf.org>; <iesg@ietf.org>; <draft-ietf-netconf-rfc5539bis.all@tools.ietf.org>
Sent: Tuesday, March 10, 2015 12:48 PM
> >>>>> "t" == t p <daedulus@btconnect.com> writes:
>
> Well, I think you still need to answer questions like
>
> * Is it a fingerprint of the cert or the key?
>
> * Is the server expected to re-normalize the DER? Allowed to
>   re-normalize the DER?

Sam

Thank you for your comments.

The I-D specifies a fingerprint of the certificate, so that is specified.

Normalisation is not specified and is an interesting point; as you say,
something to be considered.

Tom Petch

> So that the input to the hash is well specified.
> Several protocols within the IETF have taken on the challenge of
> describing how to fingerprint certificates.  I think the document would
> be improved by picking one of these strategies.
>
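The two questions raised in the quoted review (fingerprint of the certificate or of the key, and whether the DER may be re-normalised before hashing) can be made concrete with a small amount of code. The following is an added example, not part of this thread or of the draft: it builds a synthetic, structurally X.509-shaped certificate out of DER TLVs (the key and signature bytes are constructed placeholders, not real cryptographic material), computes a SHA-256 fingerprint over the whole Certificate and over its SubjectPublicKeyInfo, and then shows that the same structure re-encoded with BER long-form lengths hashes to a different value unless the receiver normalises it back to DER first. The function and constant names are this example's own.

```python
"""Certificate fingerprint vs. public-key fingerprint, and why the hash input
must be pinned to one encoding. Added example; the certificate is a synthetic,
structurally X.509-shaped DER blob with placeholder key and signature bytes."""
import hashlib

SEQ, SET, INT, OID, BITSTR, PRINT, UTCTIME, CTX0 = 0x30, 0x31, 0x02, 0x06, 0x03, 0x13, 0x17, 0xA0
CONSTRUCTED = 0x20                      # tag bit: content is itself a list of TLVs

def der_len(n: int) -> bytes:
    """Minimal length encoding, as DER requires."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def name(cn: str) -> bytes:
    """Name ::= SEQUENCE OF RelativeDistinguishedName, one commonName (2.5.4.3)."""
    atv = tlv(SEQ, tlv(OID, bytes([0x55, 0x04, 0x03])) + tlv(PRINT, cn.encode()))
    return tlv(SEQ, tlv(SET, atv))

# AlgorithmIdentifiers: sha256WithRSAEncryption and rsaEncryption, each with NULL params
SHA256_RSA = tlv(SEQ, tlv(OID, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
RSA_ENC = tlv(SEQ, tlv(OID, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")

def build_certificate(pubkey_bits: bytes, signature: bytes) -> bytes:
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
    pubkey_bits and signature are constructed placeholders, not real key material."""
    spki = tlv(SEQ, RSA_ENC + tlv(BITSTR, b"\x00" + pubkey_bits))
    tbs = tlv(SEQ,
              tlv(CTX0, tlv(INT, b"\x02"))              # [0] EXPLICIT version v3
              + tlv(INT, b"\x01")                       # serialNumber
              + SHA256_RSA                              # signature
              + name("Example CA")                      # issuer
              + tlv(SEQ, tlv(UTCTIME, b"150310000000Z") + tlv(UTCTIME, b"160310000000Z"))
              + name("netconf-server.example")          # subject
              + spki)                                   # subjectPublicKeyInfo
    return tlv(SEQ, tbs + SHA256_RSA + tlv(BITSTR, b"\x00" + signature))

def read_tlv(buf: bytes, pos: int = 0):
    """Parse one definite-length TLV; tolerates BER long-form lengths that DER forbids.
    Returns (tag, content, offset just past the TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is BER, not DER")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big"), 2 + nbytes
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + hdr:end], end

def children(content: bytes):
    """Split constructed content into (tag, body, exact wire bytes) triples."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, nxt = read_tlv(content, pos)
        out.append((tag, body, content[pos:nxt]))
        pos = nxt
    return out

def extract_spki(cert_der: bytes) -> bytes:
    """Return subjectPublicKeyInfo exactly as it appears on the wire."""
    _, cert_body, _ = read_tlv(cert_der)
    fields = children(children(cert_body)[0][1])   # tbsCertificate's fields
    skip = 1 if fields[0][0] == CTX0 else 0        # version is OPTIONAL
    return fields[skip + 5][2]   # serial, signature, issuer, validity, subject, SPKI

def normalize_to_der(buf: bytes) -> bytes:
    """Re-encode a definite-length BER blob with minimal lengths at every level."""
    tag, content, _ = read_tlv(buf)
    if tag & CONSTRUCTED:
        content = b"".join(normalize_to_der(raw) for _, _, raw in children(content))
    return tlv(tag, content)

def ber_long_form(buf: bytes) -> bytes:
    """Same structure, every short length written in two-byte long form (BER-legal, DER-illegal)."""
    tag, content, _ = read_tlv(buf)
    if tag & CONSTRUCTED:
        content = b"".join(ber_long_form(raw) for _, _, raw in children(content))
    n = len(content)
    return bytes([tag]) + (bytes([0x81, n]) if n < 0x100 else der_len(n)) + content

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def demo() -> dict:
    cert = build_certificate(bytes(range(1, 65)), bytes(range(64, 0, -1)))  # constructed bytes
    ber = ber_long_form(cert)          # the same certificate as a lenient encoder might emit it
    return {
        "cert_fp": fingerprint(cert),                          # fingerprint of the certificate
        "spki_fp": fingerprint(extract_spki(cert)),            # fingerprint of the key
        "ber_fp_differs": fingerprint(ber) != fingerprint(cert),
        "normalized_fp_matches": fingerprint(normalize_to_der(ber)) == fingerprint(cert),
        "spki_fp_from_ber_differs": fingerprint(extract_spki(ber)) != fingerprint(extract_spki(cert)),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The practical consequence for a client that pins a fingerprint is that the specification has to name both the object (Certificate or SubjectPublicKeyInfo) and the exact bytes (the DER as received, or a re-encoded canonical DER); hashing whatever a lenient parser accepted, as `extract_spki(ber)` does here, silently produces a value that will never match the configured one.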