Re: [lamps] [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05

Himanshu Sharma <himanshu@netskope.com> Thu, 11 April 2024 22:28 UTC

MIME-Version: 1.0
References: <171269011520.2420.5933358132842531673@ietfa.amsl.com> <CAL9pJ7mzW6QW_MXybbUHEg55387uL6Hq6w2+b87JsH5kGYE6iA@mail.gmail.com> <DM6PR08MB4857C73464F9D1ECFB66B737B3062@DM6PR08MB4857.namprd08.prod.outlook.com>
In-Reply-To: <DM6PR08MB4857C73464F9D1ECFB66B737B3062@DM6PR08MB4857.namprd08.prod.outlook.com>
From: Himanshu Sharma <himanshu@netskope.com>
Date: Thu, 11 Apr 2024 15:27:43 -0700
Message-ID: <CAL9pJ7k8hzhHq7oCUHWO2V6dUOPdshsx_rhzPhwmoNjJt5_=9g@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-lamps-ocsp-nonce-update.all@ietf.org" <draft-ietf-lamps-ocsp-nonce-update.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/AK93vdfsI97mqMDxo5XdFdibTXI>

Hi Susan,
  Thanks for the valuable feedback and suggestions.
I have uploaded the updated draft here:
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/06/ .

Here is a summary of the changes for the NITs.
NIT #1
I referred to a few RFCs and docs that use OIDs in ASN.1, explaining the
OID encodings. With the example, our intention is just to explain the
correct encoding structure of the Nonce and the Nonce value.

NIT #2
Added the format reference as a comment for GeneralizedTime.

NIT #3
Removed the import of ATTRIBUTE.

NIT #4
Removed the "amp;" keyword from the ASN.1 modules. Now they are standard ASN.1
type identifiers and ids.

I believe that this updated draft addresses all of your concerns.


-Thanks
Himanshu
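As an added illustration of NIT #1 (this code is not from the thread or the draft): a small DER encoder for the id-pkix-ocsp-nonce OID and the nonce extension, showing that the leading arcs (1 3) collapse into the single octet 2b. The 16..32-octet nonce bounds are taken from the review summary quoted in this thread, and the extension layout (an OCTET STRING wrapping the DER OCTET STRING of the nonce) follows RFC 8954.

```python
# Added example (not from the thread or the draft): DER encoding of the
# OCSP nonce OID and extension, showing why the arcs "1 3" become 0x2b.

OCSP_NONCE_OID = "1.3.6.1.5.5.7.48.1.2"  # id-pkix-ocsp-nonce

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content

def encode_oid_value(oid: str) -> bytes:
    """Content octets of an OBJECT IDENTIFIER (X.690 8.19). The first two
    arcs are merged into one subidentifier 40*a1 + a2, so (1 3) -> 43 = 0x2b.
    Every subidentifier is base-128, high bit set on all but its last octet."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray()
    for s in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [s & 0x7F]
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))
            s >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def decode_oid_value(content: bytes) -> str:
    """Inverse of encode_oid_value; splits the merged first subidentifier."""
    subids, cur = [], 0
    for b in content:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = subids[0]
    a1, a2 = (2, first - 80) if first >= 80 else divmod(first, 40)
    return ".".join(str(x) for x in [a1, a2] + subids[1:])

def nonce_extension(nonce: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }; extnValue
    wraps the DER OCTET STRING of the nonce. Bounds 16..32 per the review summary."""
    if not 16 <= len(nonce) <= 32:
        raise ValueError("nonce must be 16..32 octets")
    extn_id = tlv(0x06, encode_oid_value(OCSP_NONCE_OID))
    return tlv(0x30, extn_id + tlv(0x04, tlv(0x04, nonce)))
```

With a 32-octet nonce, `nonce_extension` yields an encoding that begins exactly with the bytes quoted in the review, 30 2f 06 09 2b 06 01 05 05 07 30 01 02.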

On Wed, Apr 10, 2024 at 11:30 AM Susan Hares <shares@ndzh.com> wrote:

> Himanshu:
>
> I’m glad I could be helpful!
>
> Sue
>
> *From:* Himanshu Sharma <himanshu@netskope.com>
> *Sent:* Wednesday, April 10, 2024 2:26 PM
> *To:* Susan Hares <shares@ndzh.com>
> *Cc:* ops-dir@ietf.org; draft-ietf-lamps-ocsp-nonce-update.all@ietf.org;
> last-call@ietf.org; spasm@ietf.org
> *Subject:* Re: [EXTERNAL] Opsdir last call review of
> draft-ietf-lamps-ocsp-nonce-update-05
>
> Thanks Susan for your time to review the I-D and providing the feedback.
>
> I will work on the suggestion and update the I-D soon.
>
> -Himanshu
>
> On Tue, Apr 9, 2024 at 12:15 PM Susan Hares via Datatracker <
> noreply@ietf.org> wrote:
>
> Reviewer: Susan Hares
> Review result: Has Nits
>
> Status: Ready with NITs
> General Statement: Excellent writing and clearly understood by a novice.
> I enjoyed reading the clear ASN.1 syntax in the appendices.
>
> Operational summary: The key point is that clients switching from
> [RFC8954] to [draft-ietf-lamps-ocsp-nonce-update-06] will want to
> use a nonce of length 32, and accept an OCSP of 16 octets.
>
> 4 NITs: Main Text (1), Appendix A.1 (1), and Appendix A.2 (2).
> Note that NITs are editorial suggestions.
>
> 1 NIT in Main Text:
>
> The example in section 2 starts with
>  30 2f 06 09 2b 06 01 05 05 07 30 01 02 [hex]
>     Sequence (30) length (2f) {
>        OBJECT Identifier (06) length (09)
>              ocspNonce (1 3 6 1 5 5 7 48 1 2 )
>
> It might be good to explain that (1 3) is the 2b.
> ------
>
> #2 NIT in ASN.1 in Section
>
> It would help the ASN.1 reader to explain in a comment
> associated with the first usage of "generalizedTime" the format of the
> generalized time. It is a well-defined ASN.1 concept, but
> the reader is assumed to be an IETF reader with less experience
> in ASN.1.
>
> ------
>
> #NIT 3, use of ATTRIBUTE as an import.
>
> In my review of the ASN.1 in Appendix A.2,
> I cannot find a usage of ATTRIBUTE.
> If it is not used, why is it included?
>
> -----
> #NIT 4, use of @amp;
>
> ResponseBytes ::=       SEQUENCE {
>    responseType        RESPONSE.
>                            &id ({ResponseSet}),
>    response            OCTET STRING (CONTAINING RESPONSE.
>                            &Type({ResponseSet}{@responseType}))}
>
> AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})
>
> I am not familiar with "&id" or "&Type" or @response.
> Please add a comment with the ISO reference for this syntax.
> If you wish to be helpful to the reader, it would help
> to explain what this syntax means.