Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-lightweight-cmp-profile-16: (with COMMENT)

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Thu, 01 December 2022 16:29 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>
CC: "draft-ietf-lamps-lightweight-cmp-profile@ietf.org" <draft-ietf-lamps-lightweight-cmp-profile@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>
Date: Thu, 01 Dec 2022 16:29:22 +0000
Message-ID: <GV2PR10MB6210590FC7AF1BD6E73BA4F9FE149@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
References: <166990582013.51656.10666210150824120190@ietfa.amsl.com>
In-Reply-To: <166990582013.51656.10666210150824120190@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yNLlgB6BCyls40l1npGJXuiInBQ>
Subject: Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-lightweight-cmp-profile-16: (with COMMENT)

Paul

Thank you for your review and comments.
Please see my responses and proposals below.

Hendrik

> Von: Paul Wouters via Datatracker <noreply@ietf.org>
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
>    Though CMP is a capable protocol it is so far not used very widely.
>    The most important reason appears to be that the protocol offers a
>    too large set of features and options.
> 
> I would say [citation needed] here...

[HB] The statement is the opinion of the authors. I am not aware of any 
citation to use here. Anyhow, we could express this more clearly.
OLD
   Though CMP is a capable protocol it is so far not used very widely.
   The most important reason appears to be that the protocol offers a
   too large set of features and options.
NEW
   CMP is a capable protocol and could be used more widely. RFC 4210
   [RFC4210] and CMP Updates [I-D.ietf-lamps-cmp-updates] offer a
   very large set of features and options.

> 
> In section 6:
>         HTTP SHOULD be used and CoAP MAY be used
> 
>         File-based transfer MAY be used in case offline transfer is required.
> 
> I find these different levels of usage odd. Clearly devices have no real choice
> here. If they can support HTTP, there is no need for CoAP. If they cannot do
> HTTP and therefore can only do CoAP, there is no choice either. If they are
> offline, clearly they cannot use anything but file based transfer. I would set
> all of these to MAY ?

[HB] This statement addresses not only end entities, but also RAs and CAs. For
EEs you are right, the EE has little choice. This is different for an RA or CA. An EE
may have an online and an offline mode of operation. In this case the EE should
use HTTP or CoAP and not file-based transfer when in the online mode.
As you also said, HTTP is preferred over CoAP. Therefore, we stated 'SHOULD be
used' for HTTP and 'MAY be used' for CoAP. Saying MAY equally for all choices
does not express this preference for HTTP.
File-based transfer is clearly a side-line and less preferred than any online transfer.
Therefore, we limited its use to the offline case.

I am uncertain how to phrase it differently while still expressing what we want to
say. Any proposal is welcome.

> 
> In section 6.1:
> 
>         the recommendations provided in [I-D.ietf-uta-rfc7525bis] SHOULD be
>         considered.
> 
> "considered" is already a watered down version of "followed". So either use
> MUST be considered or "SHOULD be followed" and not "SHOULD be
> considered"

[HB] Got it.
OLD
   In addition,
   the recommendations provided in [I-D.ietf-uta-rfc7525bis] SHOULD be
   considered.
NEW
   In addition,
   the recommendations provided in [I-D.ietf-uta-rfc7525bis] SHOULD be
   followed.
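As an added illustration of what "SHOULD be followed" means in practice for the HTTP transport of Section 6.1, the Python below builds a client-side TLS context for CMP over HTTPS that applies the core recommendations of I-D.ietf-uta-rfc7525bis (published as RFC 9325): TLS 1.2 as the floor, compression off, chain and hostname verification required, and only forward-secret AEAD cipher suites. It also includes a small audit function that reports deviations, so a context that was weakened elsewhere in a code base can be caught. This is example code written for this page; it is not from the draft, the thread, or any CMP implementation. The function names (`cmp_client_tls_context`, `audit_tls_context`, `weakened_context`, `post_cmp_message`), the URL in the docstring and the cipher string are assumptions chosen for the example; the `application/pkixcmp` media type is the one registered for CMP over HTTP in RFC 6712.

```python
import ssl
import urllib.request

# TLS 1.2 suites restricted to forward-secret key exchange with AEAD ciphers.
# TLS 1.3 suites are AEAD and forward-secret by construction; OpenSSL keeps
# them in a separate list that this string does not touch. (Example choice.)
PFS_AEAD_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"

# How OpenSSL reports the key exchange of a suite; "kx-any" is what it uses
# for TLS 1.3 suites, whose key exchange is always (EC)DHE.
ALLOWED_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def cmp_client_tls_context(ca_bundle=None):
    """Client context for CMP over HTTPS following RFC 9325 (rfc7525bis).

    ca_bundle: optional PEM file with the CA certificates the CMP client
    trusts for the server; None uses the platform trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.0/1.1 MUST NOT be used
    ctx.options |= ssl.OP_NO_COMPRESSION           # compression MUST be disabled (CRIME)
    ctx.set_ciphers(PFS_AEAD_CIPHERS)              # forward secrecy + AEAD only
    ctx.check_hostname = True                      # server identity is bound to the cert
    ctx.verify_mode = ssl.CERT_REQUIRED            # unauthenticated servers are rejected
    return ctx


def audit_tls_context(ctx):
    """Return a list of findings for a context; an empty list means compliant."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    for suite in ctx.get_ciphers():
        if not suite["aead"] or suite["kea"] not in ALLOWED_KEA:
            findings.append("non-AEAD or non-forward-secret suite enabled: "
                            + suite["name"])
    return findings


def weakened_context():
    """A context an implementer might produce 'for testing': verification off.

    Constructed here only to show what the audit reports; never ship this.
    """
    ctx = cmp_client_tls_context()
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def post_cmp_message(url, pkimessage_der, ctx, timeout=30):
    """POST a DER-encoded PKIMessage to a CMP server, e.g.
    https://ra.example.com/.well-known/cmp (hypothetical URL).

    Requires network access; not exercised by the offline checks.
    """
    req = urllib.request.Request(
        url, data=pkimessage_der, method="POST",
        headers={"Content-Type": "application/pkixcmp"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        if resp.headers.get_content_type() != "application/pkixcmp":
            raise ValueError("unexpected Content-Type from CMP server")
        return resp.read()


if __name__ == "__main__":
    print("hardened :", audit_tls_context(cmp_client_tls_context()) or "no findings")
    print("weakened :", audit_tls_context(weakened_context()))
```

The audit deliberately checks the context object rather than the wire, because the recommendations in rfc7525bis are configuration requirements: a client that passes `audit_tls_context` cannot negotiate TLS 1.0/1.1, compression, a non-AEAD suite, or an unauthenticated server, whichever CMP server it is pointed at.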