Re: [smime] draft-turner-additional-cms-ri-choices-00
Sean Turner <turners@ieca.com> Fri, 09 October 2009 14:29 UTC
Return-Path: <turners@ieca.com>
X-Original-To: smime@core3.amsl.com
Delivered-To: smime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 180B13A6A57 for <smime@core3.amsl.com>; Fri, 9 Oct 2009 07:29:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.558
X-Spam-Level:
X-Spam-Status: No, score=-3.558 tagged_above=-999 required=5 tests=[AWL=0.741, BAYES_00=-2.599, GB_I_INVITATION=-2, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWqWYPDB1Byo for <smime@core3.amsl.com>; Fri, 9 Oct 2009 07:29:15 -0700 (PDT)
Received: from smtp104.biz.mail.re2.yahoo.com (smtp104.biz.mail.re2.yahoo.com [206.190.52.173]) by core3.amsl.com (Postfix) with SMTP id 9DF4A28C18F for <smime@ietf.org>; Fri, 9 Oct 2009 07:28:59 -0700 (PDT)
Received: (qmail 8023 invoked from network); 9 Oct 2009 14:30:42 -0000
Received: from unknown (HELO thunderfish.local) (turners@96.241.5.100 with plain) by smtp104.biz.mail.re2.yahoo.com with SMTP; 9 Oct 2009 14:30:42 -0000
X-Yahoo-SMTP: qPTWNAeswBAtDTSn9GKlmmL3C90ke7grn_5n9To-
X-YMail-OSG: S3UWRDYVM1lxzrQBaZOw0vW4g00c7D2qhRjEG0JddwrnMAqO58Agw6f8Gt4X8TbZaaVUg4RAAQqlxLhlO9jNSs6U.uA9qk9GCvvhv3bFdWYHCC8MRlyOLjPWC1vsqKaV0WdRJPxN7GudXl6fiebZ2a3NlCAzkml2FB6VZYQMNX3aa8A02ZuxWRSwn22rKBmdDKjc_zLHR6IULpBupdaL41D6lGOCEn24oOJeMRlMOgfB.Yo3ycjqc7VEf2It3oFMzlDrHuHgJMX3R8brd2rn1_pU7EF3oL.o.zY5CJ1NZX3hRJak558l5B8H8X_CVRfl_u5lVz3NDF.NEqkJ_w--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4ACF4911.4000904@ieca.com>
Date: Fri, 09 Oct 2009 10:30:41 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Alfred � <ah@TR-Sys.de>
References: <200910091303.PAA13132@TR-Sys.de>
In-Reply-To: <200910091303.PAA13132@TR-Sys.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: smime@ietf.org
Subject: Re: [smime] draft-turner-additional-cms-ri-choices-00
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/smime>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 14:29:16 -0000
Alfred,
Thanks again for the review.
spt
Alfred � wrote:
> Hello,
> following Sean's kind invitation, I have taken a closer look at
> draft-turner-additional-cms-ri-choices-00.
>
> It has been observed that CRLs in many deployments are increasing
> in size to an extent making their use unmanageable in various
> messaging scenarios. The IETF has standardized two protocols
> providing certificate verification information.
> To make responses obtained via these protocols available for
> inclusion in CMS messages in an interoperable manner, standardized
> conventions are needed, and this draft aims at providing these.
>
> As such, this is a useful addition to the CMS framework.
> I support adopting this straightforward document, which should not
> need much discussion, and it should b possible to ship it quickly
> to the IESG for publication as a Standards Track RFC.
>
>
> Editorials:
>
>
> (1) Section 4 -- a typo, and an enhancement request
>
> (1a)
> Typo in the 1st line: s/unprotect/unprotected/
Fixed.
> (1b)
> Because of the commonality and the related flaw later on in the draft,
> I suggest to add to the text in Section 4 a clause like:
>
> | SCVP responses use the type CVResponse, identified by the OID
> | id-ct-scvp-certValResponse, which both are defined in [SCVP].
>
> After this addition, some subsequent text might be shortened.
> (This is a MAY !)
I can see what you're driving at, but I have to admit that I like that
all the text for authenticated, unauthenticated, and unprotected are in
their own sections. This way if somebody just jumps to that section
it's all there.
> (2) Section 4.2 and Appendix A.1 -- inconsistency
>
> Apparently, there has been a shift in the design; now the idea is
> to assign new OIDs all under the id-ri branch, and not to 'recycle'
> id-ct-scvp-certValResponse immediately for Unprotected SCVP Responses.
>
> However, this shift has not been completed consistently in the draft
> text; the next detail most likely is a result of this incomplete
> change.
>
> In Section 4.2, the first paragraph and the subsequent definition
> do not match and this inconsistency leads to an inappropriate
> citation:
>
> To carry an unprotected SCVP response, the otherRevInfoFormat is set
> | to id-ct-scvp-certValResponse, which has the following ASN.1
> ^^^^^^^^^^^^^^^^^^^^^^^
> | definition [SCVP]:
> ^^^^^^^
> ! id-ri-unprotected-scvp-response OBJECT IDENTIFIER ::= { id-ri TBD }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Following the naming style in 4.1.*, this should perhaps read:
>
> To carry an unprotected SCVP response, the otherRevInfoFormat is set
> | to id-ri-unprotected-scvp-response, which has the following ASN.1
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> | definition:
>
> id-ri-unprotected-scvp-response OBJECT IDENTIFIER ::= { id-ri TBD }
Yes it should. Fixed.
> Note:
> It would indeed have made some sense to keep
> id-ct-scvp-certValResponse for this purpose,
> but the uniform use of id-ri would be lost this way.
>
> Even worse, the last OID definition in A.1 does not match
> Section 4.2 either, introducing yet another name, which does
> not appear anywhere else in the draft:
>
> | id-ri-scvp-certValResponse OBJECT IDENTIFIER ::= { id-ri TBD }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> I strongly propose to use id-ri-unprotected-scvp-response as well.
Fixed.
> Note:
> A.2 indeed uses, consistent with the definition in 4.2 (but not
> the prose, as shown above):
>
> | id-ri-unprotected-scvp-response OBJECT IDENTIFIER ::= { id-ri TBD }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Please ensure consistency of the OID names.
All aligned.
> (3) Appendix A -- comment
>
> The draft says:
>
> Appendix A.1 provides the normative ASN.1 definitions for the
> structures described in this specification using ASN.1 as defined in
> [X.680] for compilers that support the 1988 ASN.1.
>
> Appendix A.2 provides informative ASN.1 definitions for the
> structures described in this specification using ASN.1 as defined in
> [X.680], [X.681], [X.682], and [X.683] for compilers that support the
> 2002 ASN.1. This appendix contains the same information as Appendix
> A.1 in a more recent (and precise) ASN.1 notation, however Appendix
> A.1 takes precedence in case of conflict.
>
> That's a really nice description.
> Should the WG adopt this text as boilerplate for future documents --
> as long as we still hesitate to fully shift to the 'new' ASN.1 ?
Technically, the WG hasn't adopted this as a WG item. I do think that
until the new ASN.1 IDs are published that we have to have this
boilerplate. I've copied it from other IDs in this WG and others that
have both ASN.1 versions.
- [smime] draft-turner-additional-cms-ri-choices-00 Alfred Hönes
- Re: [smime] draft-turner-additional-cms-ri-choice… Sean Turner