Re: [lamps] Orie Steele's No Objection on draft-ietf-lamps-rfc5019bis-08: (with COMMENT)

Orie Steele <orie@transmute.industries> Fri, 12 April 2024 17:35 UTC

References: <171294034615.9001.2004678793920267030@ietfa.amsl.com> <8CD941BC-764A-4887-A37D-DD1C4EF253EE@vigilsec.com>
In-Reply-To: <8CD941BC-764A-4887-A37D-DD1C4EF253EE@vigilsec.com>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 12 Apr 2024 12:35:26 -0500
Message-ID: <CAN8C-_LR-7KT+j4XAOesTvNJOkxDQDfYnCGC6gJe4EynnAinhw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IESG <iesg@ietf.org>, draft-ietf-lamps-rfc5019bis@ietf.org, LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zIaizEov_jQkh7uJcJO9ktdmESg>

I'm not asking for any change, I am just noting that the signature block
was missing.

If that causes the block to become invalid, I am not enough of an expert to
answer...
If this were another language, I might expect an "undefined term" error.

If the missing section is not needed (which seems to be the case), this
suggested change might make it clearer that the extract is partial:

194        Provided for convenience here, *a partial extract of the relevant*
195        ASN.1 structure corresponding to the OCSPRequest with the relevant
196        CertID as defined in [RFC6960]:

Then no other changes would be needed.

Either way, this was just a comment.

OS


On Fri, Apr 12, 2024 at 12:24 PM Russ Housley <housley@vigilsec.com> wrote:

> Orie:
>
> I am not sure what you are asking here.  Yes, the extract of ASN.1 is
> incomplete from RFC 6960.  Are you just asking for it to be more complete,
> even though this profile does not include the part that is not duplicated?
>
> Russ
>
>
> On Apr 12, 2024, at 12:45 PM, Orie Steele via Datatracker <
> noreply@ietf.org> wrote:
>
> ### Section 3.1.1 missing Signature
>
> ```
> 194        Provided for convenience here, but unchanged from [RFC6960], the
> 195        ASN.1 structure corresponding to the OCSPRequest with the relevant
> 196        CertID is:
> ```
>
> https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1 contains:
>
> ```
>   Signature       ::=     SEQUENCE {
>       signatureAlgorithm      AlgorithmIdentifier,
>       signature               BIT STRING,
>       certs               [0] EXPLICIT SEQUENCE OF Certificate
>   OPTIONAL}
> ```
>
> But this section does not.
>
> I am not sure if this impacts "copy paste / validation", but it is a "change"
> that I noticed.
>
> Later sections note that unsigned requests are acceptable; perhaps this is the
> reason for the omission?
>

-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>
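The structure the thread is discussing, as an added example that is not part of the message, the draft or RFC 6960 itself: a small Python DER walker that builds an OCSPRequest both with and without the `optionalSignature [0] EXPLICIT Signature` that the 5019bis extract leaves out, then reports whether a request carries a Signature and which CertIDs it names. The hash, serial and signature bytes are constructed placeholders, and the tag layout follows RFC 6960 section 4.1.1.

```python
# Added example, not from the thread: build a minimal DER OCSPRequest (RFC 6960 s4.1.1)
# with and without optionalSignature [0], then walk the DER to see what a client sent.

def tlv(tag, body):  # encode one DER TLV, short- or long-form definite length
    n = len(body)
    if n >= 0x80:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + body
    return bytes([tag, n]) + body

def read_tlv(buf, pos=0):  # decode one TLV at pos -> (tag, content, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # all TLVs inside a constructed value -> [(tag, content), ...]
    out, pos = [], 0
    while pos < len(buf):
        tag, content, pos = read_tlv(buf, pos)
        out.append((tag, content))
    return out

def build_request(signed):
    # CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))  # id-sha1 + NULL
    cert_id = tlv(0x30, alg + tlv(0x04, b"\x11" * 20) + tlv(0x04, b"\x22" * 20) + tlv(0x02, b"\x2a"))
    tbs = tlv(0x30, tlv(0x30, tlv(0x30, cert_id)))  # TBSRequest { requestList { Request { reqCert } } }
    sig = b""
    if signed:  # optionalSignature [0] EXPLICIT Signature { signatureAlgorithm, signature BIT STRING }
        sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
        sig = tlv(0xA0, tlv(0x30, sig_alg + tlv(0x03, b"\x00\xde\xad")))  # placeholder, not a real signature
    return tlv(0x30, tbs + sig)  # OCSPRequest ::= SEQUENCE { tbsRequest, optionalSignature OPTIONAL }

def inspect_request(der):
    (tag, body), = children(der)  # exactly one outer TLV, no trailing bytes
    assert tag == 0x30, "OCSPRequest must be a SEQUENCE"
    top = children(body)
    assert top and top[0][0] == 0x30, "tbsRequest missing"
    signed = any(t == 0xA0 for t, _ in top[1:])  # [0] EXPLICIT Signature present?
    req_lists = [c for t, c in children(top[0][1]) if t == 0x30]  # requestList: the only untagged SEQUENCE in TBSRequest
    assert len(req_lists) == 1, "requestList missing"
    cert_ids = []
    for _, req in children(req_lists[0]):  # Request ::= SEQUENCE { reqCert CertID, ... }
        alg, name_hash, key_hash, serial = (c for _, c in children(children(req)[0][1]))
        cert_ids.append({"hash_alg_oid": children(alg)[0][1].hex(),
                         "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
                         "serial": int.from_bytes(serial, "big", signed=True)})
    return {"signed": signed, "cert_ids": cert_ids}
```

Run `inspect_request(build_request(False))` to see the unsigned form the lightweight profile describes, and `build_request(True)` to see the same request with the optional Signature attached.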