[lamps] Gunter Van de Velde's No Objection on draft-ietf-lamps-rfc5019bis-08: (with COMMENT)
Gunter Van de Velde via Datatracker <noreply@ietf.org> Mon, 15 April 2024 13:21 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BF2EC14F71A; Mon, 15 Apr 2024 06:21:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Gunter Van de Velde via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-rfc5019bis@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, housley@vigilsec.com, housley@vigilsec.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Gunter Van de Velde <gunter.van_de_velde@nokia.com>
Message-ID: <171318728662.8042.8574630777652596928@ietfa.amsl.com>
Date: Mon, 15 Apr 2024 06:21:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7n7CqkEybt0VSRMMLDEhbxSLpJc>
Subject: [lamps] Gunter Van de Velde's No Objection on draft-ietf-lamps-rfc5019bis-08: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2024 13:21:26 -0000
Gunter Van de Velde has entered the following ballot position for draft-ietf-lamps-rfc5019bis-08: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5019bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # Gunter Van de Velde, RTG AD, comments for draft-ietf-lamps-rfc5019bis-08 Thank you for the work put into this document. Please find below some non-blocking COMMENT points. I hope that this review helps to improve the document, 117 (For brevity we refer to OCSP as being used to verify certificate 118 status, but only the revocation status of a certificate is checked 119 via this protocol.) As networking generalist i am unclear what the 'but only' refers towards? it reads a bit odd. in addition not sure if the word 'we' helps in a formal document. What about following rewrite suggestion: For brevity, the term "OCSP" is used herein to denote the verification of certificate status; however, it should be noted that this protocol is employed solely to ascertain the revocation status of a certificate. 121 To date, many OCSP deployments have been used to ensure timely and 122 secure certificate status information for high-value electronic 123 transactions or highly sensitive information, such as in the banking 124 and financial environments. As such, the requirement for an OCSP This text processes difficult for me. Would he following text be a potential rewrite? To date, numerous OCSP deployments have been implemented to provide timely and secure certificate status information, crucial for high-value electronic transactions and the handling of highly sensitive information, particularly within the banking and financial sectors. 128 is not an issue, and have run on client and server systems where 129 processing power is not constrained. I assume that there is no additional constraints beyond the capabilities of the CPU/memory used? 151 This document addresses the scalability issues inherent when using 152 OCSP in PKI environments described above by defining a message 153 profile and clarifying OCSP client and responder behavior that will 154 permit: Instead of writing 'in PKI environments described above' would it not be more simpler to say 'in highly scaled PKI environments'? 668 8. Security Considerations Is there a special fallback consideration in scenarios where the OCSP check fails (either due to responder issues or network problems)? Are there any additional privacy considerations associated with the lightweight solution beyond those already noted for the traditional OCSP? G/
- [lamps] Gunter Van de Velde's No Objection on dra… Gunter Van de Velde via Datatracker