Re: [lamps] Orie Steele's No Objection on draft-ietf-lamps-rfc5019bis-08: (with COMMENT)

Russ Housley <housley@vigilsec.com> Fri, 12 April 2024 17:25 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Fri, 12 Apr 2024 13:24:44 -0400
Cc: IESG <iesg@ietf.org>, draft-ietf-lamps-rfc5019bis@ietf.org, LAMPS <spasm@ietf.org>
To: Orie Steele <orie@transmute.industries>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pZRpTxIA3VC8y0iRP9gKWNJ-P0Y>

Orie:

I am not sure what you are asking here.  Yes, the extract of ASN.1 is incomplete from RFC 6960.  Are you just asking for it to be more complete, even though this profile does not include the part that is not duplicated?

Russ


> On Apr 12, 2024, at 12:45 PM, Orie Steele via Datatracker <noreply@ietf.org> wrote:
> 
> ### Section 3.1.1 missing Signature
> 
> ```
> 194        Provided for convenience here, but unchanged from [RFC6960], the
> 195        ASN.1 structure corresponding to the OCSPRequest with the relevant
> 196        CertID is:
> ```
> 
> https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1 contains:
> 
> ```
>   Signature       ::=     SEQUENCE {
>       signatureAlgorithm      AlgorithmIdentifier,
>       signature               BIT STRING,
>       certs               [0] EXPLICIT SEQUENCE OF Certificate
>   OPTIONAL}
> ```
> 
> But this section does not.
> 
> I am not sure if this impacts "copy paste / validation", but it is a "change"
> that I noticed.
> 
> Later sections note that unsigned requests are acceptable; perhaps this is the
> reason for the omission?
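As an added illustration of the structure under discussion (example code, not from the draft, RFC 6960, or either author): the stdlib-only Python below builds a constructed OCSPRequest that carries only tbsRequest, wraps a second copy in a placeholder [0] EXPLICIT Signature, and walks the DER to report whether optionalSignature is present and how many Requests the requestList holds, which is the check a responder implementing the profile would make before deciding how to treat the request. The issuer name/key bytes and the serial number are constructed sample values; the only real identifier used is the id-sha1 OID 1.3.14.3.2.26.

```python
import hashlib

def der_tlv(tag: int, body: bytes) -> bytes:              # DER TLV, definite length (short or long form)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def der_children(body: bytes):
    """Yield (tag, value) for each TLV inside a constructed value; definite lengths only."""
    pos = 0
    while pos < len(body):
        tag, first = body[pos], body[pos + 1]
        if first == 0x80:
            raise ValueError("indefinite length is not DER")
        k = first & 0x7F if first > 0x80 else 0           # long-form length byte count
        n = first if k == 0 else int.from_bytes(body[pos + 2:pos + 2 + k], "big")
        end = pos + 2 + k + n
        if end > len(body):
            raise ValueError("truncated TLV")
        yield tag, body[pos + 2 + k:end]
        pos = end

SHA1_OID = der_tlv(0x06, bytes([0x2B, 0x0E, 0x03, 0x02, 0x1A]))   # 1.3.14.3.2.26 (id-sha1)

def build_unsigned_request(issuer_name_der: bytes, issuer_spk: bytes, serial: int) -> bytes:
    """Constructed sample: one Request with a SHA-1 CertID and no optionalSignature."""
    cert_id = (der_tlv(0x30, SHA1_OID) + der_tlv(0x04, hashlib.sha1(issuer_name_der).digest())
               + der_tlv(0x04, hashlib.sha1(issuer_spk).digest())
               + der_tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    request_list = der_tlv(0x30, der_tlv(0x30, der_tlv(0x30, cert_id)))  # SEQUENCE OF Request
    return der_tlv(0x30, der_tlv(0x30, request_list))                    # OCSPRequest { TBSRequest }

def add_placeholder_signature(unsigned: bytes) -> bytes:
    [(_, outer)] = der_children(unsigned)
    [(_, tbs)] = der_children(outer)
    sig = der_tlv(0x30, der_tlv(0x30, SHA1_OID) + der_tlv(0x03, bytes(9)))  # dummy, not a real signature
    return der_tlv(0x30, der_tlv(0x30, tbs) + der_tlv(0xA0, sig))          # [0] EXPLICIT Signature

def inspect_request(ocsp_request: bytes) -> dict:
    """Defender-side check: is optionalSignature present, and how many Requests are listed?"""
    [(tag, outer)] = der_children(ocsp_request)
    parts = list(der_children(outer))
    if tag != 0x30 or not parts or parts[0][0] != 0x30:
        raise ValueError("malformed OCSPRequest / tbsRequest")
    if [t for t, _ in parts[1:]] not in ([], [0xA0]):     # only [0] EXPLICIT Signature may follow
        raise ValueError("unexpected elements after tbsRequest")
    request_list = next((v for t, v in der_children(parts[0][1]) if t == 0x30), None)
    if request_list is None:
        raise ValueError("requestList missing")
    return {"signed": len(parts) == 2, "request_count": sum(1 for _ in der_children(request_list))}
```

The parser deliberately rejects indefinite lengths and trailing elements, since a lenient DER walker is where request-parsing bugs in responders tend to hide.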