IETF Logo Mail Archive

Re: [sidr] I-D Action: draft-ietf-sidr-rfc6485bis-02.txt

Sandra Murphy <sandy@tislabs.com> Thu, 21 May 2015 21:09 UTC

Return-Path: <sandy@tislabs.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA711A904E for <sidr@ietfa.amsl.com>; Thu, 21 May 2015 14:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rw9R35YTCPNF for <sidr@ietfa.amsl.com>; Thu, 21 May 2015 14:09:00 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF39D1A904F for <sidr@ietf.org>; Thu, 21 May 2015 14:09:00 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 12B3128B0043; Thu, 21 May 2015 17:09:00 -0400 (EDT)
Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 0CEEC1F8035; Thu, 21 May 2015 17:09:00 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_6CFB7CE4-AE99-4ADD-9F0A-9AD498669489"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <555CE890.1090802@bbn.com>
Date: Thu, 21 May 2015 17:08:59 -0400
Message-Id: <462B3352-DAA9-476C-AA33-C517C515B7F0@tislabs.com>
References: <20150515192215.5707.56279.idtracker@ietfa.amsl.com> <555CE890.1090802@bbn.com>
To: Richard Hansen <rhansen@bbn.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/iEcOf-XySUjxW4T-_J9CfAaU9pA>
Cc: sidr@ietf.org, Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rfc6485bis-02.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 21:09:06 -0000

On May 20, 2015, at 4:03 PM, Richard Hansen <rhansen@bbn.com> wrote:

> Hi all,
> 
> I did a careful review of this draft and sent detailed comments to the
> authors off list.  Here is a summary of my comments for everyone's
> reference:
> 
> Important issues:
> 
>  * the reference to RFC6488 in the introduction was accidentally
>    changed to RFC2119
>  * section 8 is incorrect -- sha256WithRSAEncryption does not
>    violate the CMS RFCs (implementations just choose to use
>    rsaEncryption instead, which has the same meaning in this
>    context)

You might want to review the message on the list:
https://www.ietf.org/mail-archive/web/sidr/current/msg04813.html
that covers the whole CMS mandatory-to-implement requirement, the implementations, and the whole tangled story of the document chain.  

[That's Rob Austein, who also acknowledges Andrew Chi, David Mandelberg, and Russ Housley assisting in untangling the tangled web of references.]

Perhaps you are concerned mostly about the terms being used?  But the rfc6485bis document does not say "violate" and I believe that what it says agrees with the message above.  If you don't think so, you should say why.


>  * the OID and meaning of rsaEncryption is not defined in this
>    document, and there is no normative reference to a definition

This is not the right place to define the OID for rsaEncryption.  It is found in 3370, which 5754 (one of the references) updates and normatively references.  

> 
> Moderate issues:
> 
>  * section 2 is confusing (alternative wording sent to authors)
>  * errata not incorporated (though their status is still "Reported"…)

Those that are still shown as "Reported" have not yet been reviewed.  As Sean said, it is possible for an errata to be rejected.

The description of the errata process is found at https://www.ietf.org/iesg/statement/errata-processing.html.

--Sandy, speaking as regular ol' member


>  * certification requests aren't mentioned everywhere they should be
> 
> Minor issues:
> 
>  * many of the edits made by the RFC Editor are missing
>  * at the beginning of section 2, the reference to RFC4055 Section 5
>    should be RFC3447 Section 8.2
> 
> Nice-to-haves:
> 
>  * replace "signed object" with "CMS signed object" to avoid ambiguity
>  * add a Table of Contents
>  * include informative references in the introduction
>  * cite the algorithm agility RFC in section 5
> 
> -Richard
> 
> 
> On 2015-05-15 15:22, internet-drafts@ietf.org wrote:
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
>> 
>>        Title           : The Profile for Algorithms and Key Sizes for use in the Resource Public Key Infrastructure
>>        Authors         : Geoff Huston
>>                          George Michaelson
>> 	Filename        : draft-ietf-sidr-rfc6485bis-02.txt
>> 	Pages           : 7
>> 	Date            : 2015-05-15
>> 
>> Abstract:
>>   This document specifies the algorithms, algorithms' parameters,
>>   asymmetric key formats, asymmetric key size and signature format for
>>   the Resource Public Key Infrastructure subscribers that generate
>>   digital signatures on certificates, Certificate Revocation Lists, and
>>   signed objects as well as for the Relying Parties that verify these
>>   digital signatures.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-sidr-rfc6485bis/
>> 
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-sidr-rfc6485bis-02
>> 
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rfc6485bis-02
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email