[lamps] Ben Campbell's Yes on draft-ietf-lamps-rfc5750-bis-06: (with COMMENT)

Ben Campbell <ben@nostrum.com> Tue, 19 June 2018 04:06 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CC8D0130EF5; Mon, 18 Jun 2018 21:06:45 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-rfc5750-bis@ietf.org, Russ Housley <housley@vigilsec.com>, lamps-chairs@ietf.org, housley@vigilsec.com, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152938120582.3146.786592198431535201.idtracker@ietfa.amsl.com>
Date: Mon, 18 Jun 2018 21:06:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iIGRfN9f6Fd_tVcdrNozeInDlR8>
Subject: [lamps] Ben Campbell's Yes on draft-ietf-lamps-rfc5750-bis-06: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.26
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 04:06:47 -0000

Ben Campbell has entered the following ballot position for
draft-ietf-lamps-rfc5750-bis-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Thanks for this work. I'm balloting "yes", but have a few comments. I realize
some of these may be leftovers from previous versions. None are blocking, so I
leave it to the authors, WG, and AD to choose.


§1.3, last paragraph: Is the "SHOULD NOT" really constrained to mail? It seems
like it should apply to other messaging systems, although I can see the need to
decrypt old messages as more important for mail than for more real-time

§2.2.1, 2nd paragraph: "...although ignoring those
   certificates is expected behavior..."
I'm surprised not to seem a MUST or SHOULD here--is it ever reasonable to _not_
ignore these certificates?


- The requirement to be able to handle an arbitrary number of certificates
seems like a potential DOS vector. Aspects of that are mentioned in the
security considerations. Shouldn't a receiving agent put some limits on the
number/size it will accept? Or is "fail gracefully" an acceptable strategy to
"handle" too many certs?

- 4th paragraph: "Note that
   receiving agents SHOULD NOT simply trust any self-signed certificates
   as valid CAs, but SHOULD use some other mechanism to determine if
   this is a CA that should be trusted."

Why are those SHOULDs not MUSTs? (Or SHOULD+'s)?

§4.4, 2nd paragraph: "Some mechanism SHOULD
   exist to gracefully handle other certificate extensions when they
   appear in end-entity or CA certificates."

Can you elaborate on that? Does it imply more than discussion of the "critical"
bit in the next paragraph?

Appendix B: It seems odd to find this in an appendix.  Does this draft actually
purport to _request_ the move to historic, or just sort of wish we would do so?


Abstract: Should the RFC Editor remove the "Contributing to this document..."


- The definition for AC does not contain an actual definition.
- CRL definition: " prematurely" seems an odd choice of words; one assumes the
issuer does not revoke before it needs to. I assume the intent was to describe
revoking certs prior to their expiration?

§1.4 (and subsequent change version): I infer from the section titles that the
normative keywords in these sections are intended to describe requirements
added to those versions, not new requirements in _this_ version. It would be
better to make that explicit; the body text should stand alone without the

§2.2.1, 2nd paragraph: s/parser/parse

§3: Paragraph 5: " Some localities may perform other
   transformations on the local name component before doing the
   comparison, however an S/MIME client cannot know what specific
   localities do."

That's an odd statement, since software localization rules can certainly
include comparison policies. It's not material to the document, though, so I
will leave this as an editorial comment.

§4.1, first paragraph: "get information stored away from incoming messages."
I don't understand what that means. Should "away from" simply be "in"?

§4.2, first paragraph: The first sentence seems more like a statement of
principle than a normative requirement.