[stir] Minor comments on draft-ietf-stir-rfc4474bis-12

Anders Kristensen <andersk@google.com> Thu, 22 September 2016 03:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/70uEhCvCGDqqb62Ib13NMjKLCCw>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

4.1 says

      Third, the JSON key "x5u" MUST have a value equivalent to the
      quoted URI in the "info" parameter.


I'm not sure exactly what equivalent means here. Maybe worth elaborating or
adding a reference?

Anyway, I don't think the URIs in the example in sec 5.1 would be
considered equivalent:

   {"alg":"ES256","typ":"passport","x5u":"https://cert.example.org/
      passport.cer"}

...

   Identity: "rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpj \
    lk-cpFYpFYsojNCpTzO3QfPOlckGaS6hEck7w"; \
    info=<https://biloxi.example.org/biloxi.c>



Sec 6.2: s/that the that the/that the/
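
One way a verifier could make the "equivalent" check concrete, as an added example that is not part of the original message or the draft. It assumes RFC 3986 section 6.2.2 syntax-based normalization is the intended comparison, which the quoted draft text does not state; the function names and the `VARIANT` value are hypothetical.

```python
import re
from urllib.parse import urlsplit

UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
DEFAULT_PORTS = {"http": 80, "https": 443}

def _norm_pct(s):
    """Decode %XX for unreserved characters; uppercase the hex of the rest."""
    def fix(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch in UNRESERVED else "%" + m.group(1).upper()
    return re.sub(r"%([0-9A-Fa-f]{2})", fix, s)

def _remove_dot_segments(path):
    """Resolve "." and ".." segments of an absolute path."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if len(out) > 1:      # never climb above the root
                out.pop()
        elif seg != ".":
            out.append(seg)
    if path.endswith(("/.", "/..")):
        out.append("")            # result names a directory
    return "/".join(out)

def normalize(uri):
    """Comparison key: case, default port, percent-encoding, dot segments."""
    p = urlsplit(uri.strip())     # urlsplit lowercases scheme and hostname
    port = None if p.port == DEFAULT_PORTS.get(p.scheme) else p.port
    path = _remove_dot_segments(_norm_pct(p.path)) or "/"
    return (p.scheme, p.hostname or "", port, path, _norm_pct(p.query), p.fragment)

def x5u_matches_info(passport_header, identity_header):
    """True if the header's x5u and the Identity info URI normalize identically."""
    m = re.search(r";\s*info\s*=\s*<([^>]*)>", identity_header)
    if m is None or "x5u" not in passport_header:
        return False              # fail closed when either URI is missing
    return normalize(passport_header["x5u"]) == normalize(m.group(1))

# Values from the sec 5.1 example quoted above, with the draft's line folding removed.
HEADER = {"alg": "ES256", "typ": "passport",
          "x5u": "https://cert.example.org/passport.cer"}
IDENTITY = ('Identity: "rq3pjT1hoRwakEGjHCnWSwUnshd0-zJ6F1VOgFWSjHBr8Qjpj'
            'lk-cpFYpFYsojNCpTzO3QfPOlckGaS6hEck7w";'
            'info=<https://biloxi.example.org/biloxi.c>')
# Constructed variant spelling of the same x5u URI (not from the draft).
VARIANT = 'Identity: "sig";info=<HTTPS://Cert.Example.Org:443/a/../passport%2Ecer>'
```

Under this comparison the sec 5.1 pair differs in both host and path, so no amount of normalization makes it match, while the constructed variant does.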