Re: [lamps] [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05

Susan Hares <shares@ndzh.com> Wed, 10 April 2024 18:31 UTC

From: Susan Hares <shares@ndzh.com>
To: Himanshu Sharma <himanshu@netskope.com>
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-lamps-ocsp-nonce-update.all@ietf.org" <draft-ietf-lamps-ocsp-nonce-update.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05
Thread-Index: AQHai3SilZ9aY3iGQUOJQX/7WoRCnrFh03Iw
Date: Wed, 10 Apr 2024 18:30:49 +0000
Message-ID: <DM6PR08MB4857C73464F9D1ECFB66B737B3062@DM6PR08MB4857.namprd08.prod.outlook.com>
References: <171269011520.2420.5933358132842531673@ietfa.amsl.com> <CAL9pJ7mzW6QW_MXybbUHEg55387uL6Hq6w2+b87JsH5kGYE6iA@mail.gmail.com>
In-Reply-To: <CAL9pJ7mzW6QW_MXybbUHEg55387uL6Hq6w2+b87JsH5kGYE6iA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5nKao0Ou-sMpf2DnN9eztxW9aYA>
Subject: Re: [lamps] [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>

Himanshu:

I’m glad I could be helpful!

Sue

From: Himanshu Sharma <himanshu@netskope.com>
Sent: Wednesday, April 10, 2024 2:26 PM
To: Susan Hares <shares@ndzh.com>
Cc: ops-dir@ietf.org; draft-ietf-lamps-ocsp-nonce-update.all@ietf.org; last-call@ietf.org; spasm@ietf.org
Subject: Re: [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05


Thanks, Susan, for taking the time to review the I-D and for providing the feedback.
I will work on the suggestion and update the I-D soon.

-Himanshu

On Tue, Apr 9, 2024 at 12:15 PM Susan Hares via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:
Reviewer: Susan Hares
Review result: Has Nits


Status: Ready with NITs
General Statement: Excellent writing and clearly understood by a novice.
I enjoyed reading the clear ASN.1 syntax in the appendices.

Operational summary: the key point is that clients switching from
[RFC8954] to [draft-ietf-lamps-ocsp-nonce-update-06] will want to
use a nonce of length 32, and accept an OCSP of 16 octets.

4 NITs: Main Text (1), Appendix A.1 (1), and Appendix A.2 (2).
Note that NITs are editorial suggestions.

NIT 1, in Main Text:

The example in section 2 starts with
 30 2f 06 09 2b 06 01 05 05 07 30 01 02 [hex]
    Sequence (30) length (2f) {
       OBJECT Identifier (06) length (09)
             ocspNonce (1 3 6 1 5 5 7 48 1 2)

It might be good to explain that (1 3) is the 2b.
------

NIT 2, in ASN.1 in Section

It would help the ASN.1 reader to explain in a comment
associated with the first usage of "generalizedTime" the format of the
generalized time.  It is a well-defined ASN.1 concept, but
the reader is assumed to be an IETF reader with less experience
in ASN.1.

------

NIT 3, use of ATTRIBUTE as an import.

In my review of the ASN.1 in Appendix A.2,
I cannot find a usage of ATTRIBUTE.
If it is not used, why is it included?

-----
NIT 4, use of &

ResponseBytes ::=       SEQUENCE {
   responseType        RESPONSE.
                           &id ({ResponseSet}),
   response            OCTET STRING (CONTAINING RESPONSE.
                           &Type({ResponseSet}{@responseType}))}

AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})

I am not familiar with "&id" or "&Type" or @response.
Please add a comment with the ISO reference for this syntax.
If you wish to be helpful to the reader, it would be good
to explain what this syntax means.
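The following is an added worked example, not code from the draft, the review, or the LAMPS working group. It encodes and decodes the OCSP Nonce extension whose DER prefix the review quotes (`30 2f 06 09 2b 06 01 05 05 07 30 01 02`) and shows the point raised in NIT 1: the first two OID arcs `1 3` are packed into a single byte as 40*1 + 3 = 0x2b. The Extension layout (SEQUENCE of extnID, optional critical flag, extnValue wrapping a DER OCTET STRING nonce) follows RFC 8954; the length bounds of 16 and 32 octets are my reading of the review's operational summary and are labelled as such in the code, so consult the draft for the normative rules. The 32-octet sample nonce is constructed, not random, so the output is reproducible; with a 32-octet nonce the outer SEQUENCE content is exactly 47 (0x2f) bytes, matching the review's hex dump.

```python
# Added worked example (not from the draft or the review). Encodes and decodes
# the OCSP Nonce extension whose DER prefix the review quotes, and shows why
# the OID arcs "1 3" collapse into the single byte 0x2b.
ID_PKIX_OCSP_NONCE = "1.3.6.1.5.5.7.48.1.2"   # OID from the review's hex dump

# Length bounds are my reading of the review's operational summary (clients
# send 32 octets, 16 octets is accepted); consult the draft for normative text.
NONCE_MIN_LEN = 16
NONCE_MAX_LEN = 32


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_len(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER TLV. The first two arcs share one byte, 40*arc1 + arc2,
    so 1.3 becomes 40 + 3 = 43 = 0x2b; later arcs use base-128 with the high bit
    set on every octet but the last."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after this TLV) for the TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content: bytes) -> str:
    """Inverse of encode_oid on the OID content octets (without tag/length)."""
    first = content[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def encode_nonce_extension(nonce: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }, where the
    extnValue wraps the nonce as a DER OCTET STRING (the RFC 8954 layout)."""
    ext_value = der_tlv(0x04, der_tlv(0x04, nonce))
    return der_tlv(0x30, encode_oid(ID_PKIX_OCSP_NONCE) + ext_value)


def decode_nonce_extension(der: bytes) -> bytes:
    """Parse an Extension, verify it is id-pkix-ocsp-nonce and return the nonce,
    rejecting lengths outside NONCE_MIN_LEN..NONCE_MAX_LEN."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, oid, pos = read_tlv(seq, 0)
    if tag != 0x06 or decode_oid(oid) != ID_PKIX_OCSP_NONCE:
        raise ValueError("extnID is not id-pkix-ocsp-nonce")
    tag, ext_value, pos = read_tlv(seq, pos)
    if tag == 0x01:                      # optional 'critical' BOOLEAN, skip it
        tag, ext_value, pos = read_tlv(seq, pos)
    if tag != 0x04 or pos != len(seq):
        raise ValueError("extnValue must be the final OCTET STRING")
    tag, nonce, _ = read_tlv(ext_value, 0)
    if tag != 0x04:
        raise ValueError("nonce must be an OCTET STRING")
    if not NONCE_MIN_LEN <= len(nonce) <= NONCE_MAX_LEN:
        raise ValueError(f"nonce length {len(nonce)} outside "
                         f"{NONCE_MIN_LEN}..{NONCE_MAX_LEN}")
    return nonce


if __name__ == "__main__":
    sample_nonce = bytes(range(32))      # constructed 32-octet nonce, not random
    ext = encode_nonce_extension(sample_nonce)
    print(ext.hex(" "))                  # starts: 30 2f 06 09 2b 06 01 05 05 07 30 01 02
    print(decode_nonce_extension(ext) == sample_nonce)
```

Running the script prints the full 49-byte extension; the first 13 bytes are the same TLV prefix the review reproduces from Section 2, and `decode_oid` recovers the dotted form from `2b 06 01 05 05 07 30 01 02`. The decoder rejects an 8-octet nonce and accepts 16 and 32, which is the behaviour the review's operational summary describes for clients moving to the updated profile.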