IETF Logo Mail Archive

Re: [smime] [Technical Errata Reported] RFC2633 (5019)

Sean Turner <sean@sn3rd.com> Wed, 17 May 2017 14:28 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F5E112EBE4 for <smime@ietfa.amsl.com>; Wed, 17 May 2017 07:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Y9iOd7dGt1L for <smime@ietfa.amsl.com>; Wed, 17 May 2017 07:28:19 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DCA5129ADF for <smime@ietf.org>; Wed, 17 May 2017 07:21:27 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id c15so82058967ith.0 for <smime@ietf.org>; Wed, 17 May 2017 07:21:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pSLWVkfE9etROeVI/rEQTSpz5BK+cGSyQeXLVXVL7xo=; b=hOd4PHchehSNVdwv5D8KgOGTP/UVc1DfLJhTgD2VgP2P8GxYBKFzzbFYssq6zjAa30 0ATD7fXOS8Obttgwt01c0KWY5zTFX3SAOvFBsy/SOxaY6+zlcvCWkG4WCzo/yQuXtqxs SEnNpp7deGvyUHwo+/2HHB4OoCP6VWZZ9eQsU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pSLWVkfE9etROeVI/rEQTSpz5BK+cGSyQeXLVXVL7xo=; b=ZhwENIPM5cxqMG1K0NG3vsBNCwAYo1Ij1LzNi+1FrGpshgt5pl/igSG+Fzo4zhP/JV zaFIS1AVtfBtE4ZZ+DnE83h3NjEf2tFLx2QoRhHdGEjVMTKbEbgewDa/qEG8nDNLRk0H zqoaCSXd05zZSJtI8FgYtf+ztRWgwuBttNkeIsxNLehcsXpm4eMhNeRU+yotub1uVQvD OK1SLFMH3kmi1mFjL0EQuqBM6AcFPcAcdwph9/10aSOaWYTt1CVawaaplJKmOV6S+ENL pgxwwI9vblhBxXDOnANU0Vvuw8lMgTajFdDL/uoJjGFMC1Xcif5cMTNJbxIE3WJ7KghP 0ngQ==
X-Gm-Message-State: AODbwcDwUq+xirHiBnInVcaV/LQXRM6aguaBS46L8yj5J26oyrSq61Bq ND3XFigqHQUj+ldA
X-Received: by 10.36.139.69 with SMTP id g66mr4478002ite.114.1495030886450; Wed, 17 May 2017 07:21:26 -0700 (PDT)
Received: from [5.5.33.119] (vpn.snozzages.com. [204.42.252.17]) by smtp.gmail.com with ESMTPSA id g18sm969200iod.19.2017.05.17.07.21.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 May 2017 07:21:25 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CACZqfqDrpYBN4m3bKop9YCOMbkTHUyajBUYyuwxsTcFi+-49MA@mail.gmail.com>
Date: Wed, 17 May 2017 10:21:19 -0400
Cc: Eric Rescorla <ekr@rtfm.com>, IETF SMIME <smime@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Jim Schaad <ietf@augustcellars.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <AD3F4DC5-8E8F-42EB-AEA2-DE46A946CCBE@sn3rd.com>
References: <20170514163550.3ECC2B80A6E@rfc-editor.org> <13A0972A-2D00-4DF8-BFA9-C022D914BCEF@vigilsec.com> <CACZqfqCek=p0y00mAWGs5Sw6xbNJWDJOFk_N8kWa+uwk2JWa4Q@mail.gmail.com> <B4CB5D68-ABFA-4055-986B-75AA747CE66E@vigilsec.com> <000a01d2ccf0$1dc9fdc0$595df940$@augustcellars.com> <CACZqfqC+Px3Hb3ZepMfY2Ci4iCOi85ydEaJ8jsZwziZBTsz6Vw@mail.gmail.com> <001901d2cd01$572946f0$057bd4d0$@augustcellars.com> <CACZqfqDrpYBN4m3bKop9YCOMbkTHUyajBUYyuwxsTcFi+-49MA@mail.gmail.com>
To: Josh Soref <jsoref@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/fgbWvYOd4YcdJtNu3kh5zEycXf8>
Subject: Re: [smime] [Technical Errata Reported] RFC2633 (5019)
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 14:28:23 -0000

> On May 15, 2017, at 05:19, Josh Soref <jsoref@gmail.com> wrote:
> 
> https://tools.ietf.org/html/rfc5751 says:
>    id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
>    SMIMEEncryptionKeyPreference ::= CHOICE {
>       issuerAndSerialNumber   [0] IssuerAndSerialNumber,
>       receipentKeyId          [1] RecipientKeyIdentifier,
>       subjectAltKeyIdentifier [2] SubjectKeyIdentifier
>    }
> 
>    -- receipentKeyId is spelt incorrectly, but kept for historical
>    -- reasons.
> 
> I'm trying to ask for a similar note.
> Responding with reject and not suggesting a way forward is insulting.

I look at it this way:

0) There are three options for an errata:
- Approve
- Reject
- Hold For Document Update (HFDU)

The mailing list participants are copied on these errata to get their opinion in order to inform the AD how to dispose of the errata.  Most folks are just making their opinions known.

1) The next thing that folks look at is whether it’s technical or not.  Debate ensues, but generally technical errata are those that affect interoperability.  This one I don’t think does because there are no changes to the bits on the wire.

2) And, well folks want to get lots of changes, but the change has to run through the consensus process (back to mailing list input).

So to the import bit:

As I see it, there are two ways to get the note incorporated:

1. Write a draft that adds the note; this seems a bit heavy weight for what you are trying to do.

2. Apply the note to the latest RFC/draft that obsoletes RFC 2633; I guess you went for upstream, but generally the IETF applies changes to the latest/greatest RFC/draft.  That obsoletes chain is: RFC 3851 obsoleted RFC 2633, RFC 3851 was obsoleted by RFC 5751, and draft-ietf-lamps-rfc5751-bis is about to obsolete RFC 5751.  Luckily, draft-ietf-lamps-rfc5751-bis isn’t yet an RFC so there’s an option to have the note added there.

Any objections to adding a note in draft-ietf-lamps-rfc5751-bis along the same lines as the note for receipentKeyId?

spt
> On May 14, 2017 6:38 PM, "Jim Schaad" <ietf@augustcellars.com> wrote:
> I did not intend to be offensive, and I apologize if you have found it so.
> 
>  
> 
> I thought that I offered two reasons why the current suggested errata was incorrect.  If they were both fixed, then I do not know what my position on this suggestion would be.
> 
>  
> 
> I am unclear if the use of sic as presented in the errata is correct or not.  I would need to ask the RFC editor on that point, but if this was editorial and held for update then that is not of any immediate importance.  My general understanding is that “sic” is used, not in original source material, but in quotes to say that I did a faithful transcription of what was in the original document and the spelling (or other) errors are theirs and not mine.  That would be a question for others and not for me.  This could be a correct usage that I am unaware of.
> 
>  
> 
> Going back and looking at RC 2616, it is clear that this is a technical issue in that document.  The string “Referer” appears as bits transported on the wire and needs to be spelt as it is in the document rather than having the spelling corrected.  If the correct spelling is used, there would be an interoperability issue.  This makes the usage of “sic” correct in this location and it would have been a technical errata if it was raised.
> 
>  
> 
> The use of the errata mechanism is an appropriate method for raising these types of issues, however it must be recognized that we do not all have the same level of significance when it comes to technical vs editorial.  Some people are more strict in terms of how significant an errata issue affects the document and consider anything which, even if it might lead to difference of opinion on implementation, to be editorial.  I think however, that this suggestion was clearly editorial in nature as it would not cause confusion in how things are to be implemented or change bits on the wire if one were to change the string in the ASN.1 file.
> 
>  
> 
> Jim
> 
>  
> 
>  
> 
> From: Josh Soref [mailto:jsoref@gmail.com] 
> Sent: Sunday, May 14, 2017 1:43 PM
> To: Jim Schaad <ietf@augustcellars.com>
> Cc: Paul Hoffman <paul.hoffman@vpnc.org>; IETF SMIME <smime@ietf.org>; Eric Rescorla <ekr@rtfm.com>; Russ Housley <housley@vigilsec.com>; Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
> Subject: RE: [smime] [Technical Errata Reported] RFC2633 (5019)
> 
>  
> 
> Ok. Let's say that I'm new to IETF process. The feedback provided so far is offensive.
> 
>  
> 
> Please suggest the proper way to annotate that there is an error in a number of the documents hosted by IETF.
> 
>  
> 
> Clearly someone successfully ridiculed IETF once such that future standards appropriately included "[sic]" wherever "referer" is used. It shouldn't be hard to suggest to a submitter the correct way to do that today, decades later.
> 
>  
> 
> On May 14, 2017 4:35 PM, "Jim Schaad" <ietf@augustcellars.com> wrote:
> 
> The name chosen has absolutely no change of what is one the wire.   That means that this is at best editorial and is definitely not technical.
> 
>  
> 
> This is only going to affect those people who decide to use autogenerated constant names from the ASN.1 file.  The suggested change would make for an invalid ASN.1 file so it not correct.  Changing this name at this point would be a hassle for any one doing auto generation and highlighting that this is not, in some sense, a word does not affect the standard in any way.
> 
>  
> 
> This should be rejected.
> 
>  
> 
> Jim
> 
>  
> 
>  
> 
> From: smime [mailto:smime-bounces@ietf.org] On Behalf Of Russ Housley
> Sent: Sunday, May 14, 2017 10:55 AM
> To: Josh Soref <jsoref@gmail.com>
> Cc: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>; Paul Hoffman <paul.hoffman@vpnc.org>; Eric Rescorla <ekr@rtfm.com>; IETF SMIME <smime@ietf.org>
> Subject: Re: [smime] [Technical Errata Reported] RFC2633 (5019)
> 
>  
> 
> It is the name that the author chose to use in the ASN.1.  If it was a typo, then it would have been changed in the subsequent update to the RFC.
> 
>  
> 
> Russ
> 
>  
> 
>  
> 
> On May 14, 2017, at 1:44 PM, Josh Soref <jsoref@gmail.com> wrote:
> 
>  
> 
> It isn't an abbreviation, other tokens are clearly longer such as signingCertificate and smimeEncryptCerts. It's likely that the errata applies to multiple RFCs.
> 
>  
> 
> On May 14, 2017 1:15 PM, "Russ Housley" <housley@vigilsec.com> wrote:
> 
> I believe that this errata should be rejected.  The author used an abbreviation, and the same spelling is used in RFC 3851.
> 
> Russ
> 
> 
> > On May 14, 2017, at 12:35 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> >
> > The following errata report has been submitted for RFC2633,
> > "S/MIME Version 3 Message Specification".
> >
> > --------------------------------------
> > You may review the report below and at:
> > http://www.rfc-editor.org/errata/eid5019
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Josh Soref <jsoref@gmail.com>
> >
> > Section: 5
> >
> > Original Text
> > -------------
> > id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
> >
> >
> > Corrected Text
> > --------------
> > id-aa-encrypKeyPref [sic] OBJECT IDENTIFIER ::= {id-aa 11}
> >
> > Notes
> > -----
> > encryp isn't a word, it's a typo. Unfortunately, like http's (rfc1945) referer [sic] before it, this is now part of the API.
> >
> > This error should be highlighted (as rfc2068 does for referer [sic]) so that people are aware that the natural spelling doesn't apply.
> >
> > If it's possible for a revised RFC to be published suggesting the correct spelling w/ a way for clients/servers to handle the old spelling, that would be nice, but based on precedent, that seems unlikely.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC2633 (draft-ietf-smime-msg-08)
> > --------------------------------------
> > Title               : S/MIME Version 3 Message Specification
> > Publication Date    : June 1999
> > Author(s)           : B. Ramsdell, Ed.
> > Category            : PROPOSED STANDARD
> > Source              : S/MIME Mail Security
> > Area                : Security
> > Stream              : IETF
> > Verifying Party     : IESG
> >
> > _______________________________________________
> > smime mailing list
> > smime@ietf.org
> > https://www.ietf.org/mailman/listinfo/smime
> 
>  
> 
> 
> _______________________________________________
> smime mailing list
> smime@ietf.org
> https://www.ietf.org/mailman/listinfo/smime

v2.23.0 | Report a Bug | By Email