IETF Logo Mail Archive

Re: [lamps] Mirja Kühlewind's No Objection on draft-ietf-lamps-hash-of-root-key-cert-extn-05: (with COMMENT)

Russ Housley <housley@vigilsec.com> Wed, 22 May 2019 18:13 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FC2F120159 for <spasm@ietfa.amsl.com>; Wed, 22 May 2019 11:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZD7BNqC1y7A9 for <spasm@ietfa.amsl.com>; Wed, 22 May 2019 11:13:21 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC6512006E for <spasm@ietf.org>; Wed, 22 May 2019 11:13:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 72FEA300AE8 for <spasm@ietf.org>; Wed, 22 May 2019 13:54:03 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id hMM69acuxV_F for <spasm@ietf.org>; Wed, 22 May 2019 13:54:01 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 478C9300471; Wed, 22 May 2019 13:54:01 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <FA39C79E-CB5C-40F2-9B83-D5E9052A4CC2@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_317D3B42-E37A-4F05-A8FC-7B74F35E89B2"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Wed, 22 May 2019 14:13:18 -0400
In-Reply-To: <155854652269.11209.18166503524488589778.idtracker@ietfa.amsl.com>
Cc: IESG <iesg@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, SPASM <spasm@ietf.org>
To: Mirja Kühlewind <ietf@kuehlewind.net>
References: <155854652269.11209.18166503524488589778.idtracker@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SGV3rB5ojcpRT2Vlvmy66CRfTRY>
Subject: Re: [lamps] Mirja Kühlewind's No Objection on draft-ietf-lamps-hash-of-root-key-cert-extn-05: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2019 18:13:24 -0000

Mirja:

> Why is the intended status informational? Unfortunately, this is not further
> explained in the shepherd write-up. What was the discussion in the group and
> why was informational selected? As this doc defines a protocol extension,
> informational does not seem appropriate for me. Should it be experimental
> instead?

This document was originally expected to be published on the Independent Stream, but the Security Area Director at the time asked the ISE to send the document to the LAMPS WG. Since it was already submitted to the Independent Stream for publication as Informational RFC, the topic never came up about a different publication status.

The LAMPS WG discussion started here: https://mailarchive.ietf.org/arch/msg/spasm/o7aDwt5VMXCyL5UeLHrZxrdQjaA <https://mailarchive.ietf.org/arch/msg/spasm/o7aDwt5VMXCyL5UeLHrZxrdQjaA>

> Quick question/comment: The document mentions two “error” cases where a new
> self-signed certificate needs to be deployed. If that is an option that always
> need to be taken into account, the benefits of this mechanism are less clear to
> me. What is the exact attack scenarios this mechanism tries to protect?

Deploying a new self-signed certificate is a much more complex task.  While this is the fallback situation if things go wrong, the deployment of replacement self-signed certificate is much simpler when things work.

Russ

v2.23.0 | Report a Bug | By Email