[lamps] Fw: Fwd: IETF Liaison Statement to ISO/TC 154 about ISO 14533-4

Jiankang Yao <yaojk@cnnic.cn> Thu, 18 February 2021 10:06 UTC

Date: Thu, 18 Feb 2021 18:05:34 +0800
From: Jiankang Yao <yaojk@cnnic.cn>
To: "iab-chair@iab.org" <iab-chair@iab.org>, IAB IAB <iab@iab.org>, 'LAMPS' <spasm@ietf.org>
Cc: zhangjf <zhangjf@cnis.ac.cn>
Reply-To: yaojk <yaojk@cnnic.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8FaZJ6BNUwkIb8U9q-Lkm5_biVo>

Hello IAB Chair and all,
    Today is the first business day after the Spring Festival (Chinese New Year) holiday. Mr. Jianfang Zhang has kindly returned an email to iab-chair@iab.org, iab@iab.org and spasm@ietf.org, and copied some ISO friends. But the email was bounced back by these email servers.
Then Mr. Jianfang Zhang tried again and forwarded it to me and iab-chair@iab.org, iab@iab.org and spasm@ietf.org.
It seems that only my address got this email. He just contacted me to tell me the news and asked me to relay the email below.
We may need to ask the email server administrator to help put zhangjf@cnis.ac.cn or cnis.ac.cn on the white list.

Mr. Jianfang Zhang  is copied. (Thanks a lot!)

Best Regards



Jiankang Yao

From: Jianfang Zhang
Sent: 2021-02-18 17:16
To: iab-chair@iab.org; 'Jiankang Yao'; 'IAB'; 'LAMPS'
Subject: Fwd: IETF Liaison Statement to ISO/TC 154 about ISO 14533-4
_____________________________________________
From: Jianfang Zhang <zhangjf@cnis.ac.cn>
Sent: 18 February 2021 7:52
To: 'IAB Chair' <iab-chair@iab.org>; 'Peter Rybár' <peter.rybar@nbu.gov.sk>
Cc: 'mathew@iso.org' <mathew@iso.org>; 'IAB' <iab@iab.org>; 'LAMPS' <spasm@ietf.org>; 'Roman D. Danyliw' <rdd@cert.org>; 'Russ Housley' <housley@vigilsec.com>; 'tim.hollebeek@digicert.com' <tim.hollebeek@digicert.com>; '茱滴' <hongru.zhr@alibaba-inc.com>; 'chazmi1977@gmail.com' <chazmi1977@gmail.com>
Subject: Re: IETF Liaison Statement to ISO/TC 154 about ISO 14533-4
Dear Mr. Mirja Kühlewind (IAB Chair) 
Thank you for your email and for your interest in ISO/TC154.
The IAB has been notified that RFC 8954 may conflict with the way OCSP Nonce extension is used in ISO 14533-4.  We are writing to share that concern.  We understand that ISO 14533-4 places a non-random value in the OCSP Nonce that is larger than 32 octets.  This new size limitation may also impact other work by ISO/TC 154 that we are not aware of.
> Peter is the project leader of ISO 14533-4, and I also add him on the mail list. 
@Peter @Jasmine, could you please dispose the comment on the impact of RFC 8954(updated to RFC 6960) to ISO 14533? Thank you in advance.
We recognize that the IETF does not have a liaison relationship with ISO/TC 154; however, the IETF LAMPS Working Group would like to work with you to resolve this incompatibility in the best possible way.  If the establishment of a liaison relationship between the IETF and ISO/TC 154, then the IAB will coordinate the arrangement.  
> IETF is an external organization to ISO, and the attached form should be filled out by your side as per the clause 1.17 of ISO/IEC directives (https://www.iso.org/sites/directives/current/consolidated/index.xhtml#_idTextAnchor095).
After the formal application form is received, the following steps will be taken by the ISO side:
1) A CIB ballot will be initiated for the liaison request, and it requires approval of the application by two-thirds of the P-members voting.
2) With the approval of the CIB ballot in TC154, the liaison request will be submitted to ISO/CS to check your organization's eligibility.
3) After checking the eligibility criteria, your organization and experts can be registered in ISO/TC154 as liaison members.
If you have any questions, please feel free to contact me. Thanks.
Best regards
Jianfang
ISO/TC 154 committee manager
<<...>> 
-----Original Message-----
From: IAB Chair <iab-chair@iab.org>
Sent: 13 February 2021 2:00
To: zhangjf@cnis.ac.cn
Cc: mathew@iso.org; IAB <iab@iab.org>; LAMPS <spasm@ietf.org>; Roman D. Danyliw <rdd@cert.org>; Russ Housley <housley@vigilsec.com>; tim.hollebeek@digicert.com
Subject: IETF Liaison Statement to ISO/TC 154 about ISO 14533-4
Dear ISO/TC 154, dear Mr Jianfang Zhang,
The Internet Architecture Board (IAB), which is handling the liaison management of the IETF, would like to make sure that you are aware of the recent work by the IETF LAMPS Working Group (https://datatracker.ietf.org/wg/lamps/about/).  The LAMPS WG is responsible for updates to IETF documents related to public key infrastructure (PKI), including the Online Certificate Status Protocol (OCSP). OCSP is specified in RFC 6960 (https://www.rfc-editor.org/rfc/rfc6960.txt).  As part of the work of the LAMPS Working Group, RFC 8954 (https://www.rfc-editor.org/rfc/rfc8954.txt) was published as an update to RFC 6960, which limits the size of the OCSP Nonce extension to 32 octets to make the OCSP transactions more secure.  The OCSP Nonce is a randomly generated value that cryptographically binds a request and a response to prevent replay attacks.
The IAB has been notified that RFC 8954 may conflict with the way OCSP Nonce extension is used in ISO 14533-4.  We are writing to share that concern.  We understand that ISO 14533-4 places a non-random value in the OCSP Nonce that is larger than 32 octets.  This new size limitation may also impact other work by ISO/TC 154 that we are not aware of.
We had a discussion about the use case in the LAMPS Working Group recently. Based on how the OCSP nonce extension is used in the industry, it was recommended that a new OCSP extension should be used for the purpose of capturing OCSP response for long term validation of the signed documents.
We recognize that the IETF does not have a liaison relationship with ISO/TC 154; however, the IETF LAMPS Working Group would like to work with you to resolve this incompatibility in the best possible way.  If the establishment of a liaison relationship between the IETF and ISO/TC 154, then the IAB will coordinate the arrangement.
Thank you for your attention in this matter.
On behalf of the IAB,
Mirja Kühlewind (IAB Chair)
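
The size limit discussed in this thread, as an added example that is not part of the original messages or of any IETF or ISO text: a check that parses the DER-encoded Nonce value, enforces the 32-octet cap the message cites (the 1-octet minimum is taken from RFC 8954), and confirms that a response echoes the request nonce. The function names and sample values are constructed for illustration, and the input is assumed to be the inner `Nonce` OCTET STRING already unwrapped from the extension's `extnValue`.

```python
import os

MAX_NONCE_LEN = 32  # upper bound on the Nonce size cited in the message above


def der_octet_string(payload: bytes) -> bytes:
    """DER-encode an OCTET STRING (short and long length forms)."""
    n = len(payload)
    if n < 0x80:
        return b"\x04" + bytes([n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x04" + bytes([0x80 | len(size)]) + size + payload


def parse_nonce(nonce_der: bytes) -> bytes:
    """Return the nonce octets, rejecting malformed or out-of-range values."""
    if len(nonce_der) < 2 or nonce_der[0] != 0x04:
        raise ValueError("Nonce is not an OCTET STRING")
    first = nonce_der[1]
    if first < 0x80:                      # short form: length in one octet
        length, offset = first, 2
    else:                                 # long form: next (first & 0x7F) octets
        n_len = first & 0x7F
        if n_len == 0 or len(nonce_der) < 2 + n_len:
            raise ValueError("bad DER length field")
        length = int.from_bytes(nonce_der[2:2 + n_len], "big")
        offset = 2 + n_len
    nonce = nonce_der[offset:]
    if len(nonce) != length:
        raise ValueError("length field does not match content")
    if not 1 <= length <= MAX_NONCE_LEN:
        raise ValueError(f"nonce is {length} octets, outside 1..{MAX_NONCE_LEN}")
    return nonce


def response_matches(request_der: bytes, response_der: bytes) -> bool:
    """Client-side replay check: the response must echo the request nonce."""
    return parse_nonce(request_der) == parse_nonce(response_der)


# Constructed inputs: a 32-octet random nonce, and a 64-octet non-random value
# standing in for the larger payload the message describes.
RANDOM_NONCE = der_octet_string(os.urandom(32))
OVERSIZED = der_octet_string(b"A" * 64)
```

A responder applying this check accepts `RANDOM_NONCE` and rejects `OVERSIZED`, which is the incompatibility the liaison statement raises.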