[stir] Shepherd Review of draft-ietf-stir-certificates-shortlived-03
Ben Campbell <ben@nostrum.com> Tue, 14 October 2025 21:45 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@mail2.ietf.org
Delivered-To: stir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 799F07397BF3 for <stir@mail2.ietf.org>; Tue, 14 Oct 2025 14:45:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.519
X-Spam-Level:
X-Spam-Status: No, score=0.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_DISCARD=1.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.399, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPFaf4R1ZfyX for <stir@mail2.ietf.org>; Tue, 14 Oct 2025 14:45:51 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3FB3C7397BF0 for <stir@ietf.org>; Tue, 14 Oct 2025 14:45:51 -0700 (PDT)
Received: from smtpclient.apple (syn-070-120-126-028.res.spectrum.com [70.120.126.28] (may be forged)) (authenticated bits=0) by nostrum.com (8.18.1/8.18.1) with ESMTPSA id 59ELjmvi014105 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 14 Oct 2025 16:45:49 -0500 (CDT) (envelope-from ben@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1760478350; bh=jW2s4O421Hqy5LBdVkKQa8g7eUvXBS5LHjTr4Tj3k+4=; h=From:Subject:Date:Cc:To; b=MbNIGrD/3zTL6lWAh10ehwhIWpUVNVEe0FFpA74AsaPE81GypbIDn7JrF9wHBauKS Yld9uM0g6yPnmch8qXjjQNxdjKMxZYDdYYze8xX4TCze0ii+YEj7z4061lqQwO3LNB tVk9Xw4BJejqo/lKyxNjorudX8uWvhL5tYVI6b7I=
X-Authentication-Warning: raven.nostrum.com: Host syn-070-120-126-028.res.spectrum.com [70.120.126.28] (may be forged) claimed to be smtpclient.apple
From: Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.100.1.1.5\))
Message-Id: <EC2A249A-EFD0-407C-BCD0-EF3968E56D7F@nostrum.com>
Date: Tue, 14 Oct 2025 16:45:43 -0500
To: "Peterson, Jon" <jon.peterson@transunion.com>
X-Mailer: Apple Mail (2.3864.100.1.1.5)
Message-ID-Hash: DH4Y7HK7LJVI6G5PALOWVLXBHPPTEUUB
X-Message-ID-Hash: DH4Y7HK7LJVI6G5PALOWVLXBHPPTEUUB
X-MailFrom: ben@nostrum.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-stir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Russ Housley <housley@vigilsec.com>, stir@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [stir] Shepherd Review of draft-ietf-stir-certificates-shortlived-03
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/H77_nXwUkPo2WFBp728_hvO-BNY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Owner: <mailto:stir-owner@ietf.org>
List-Post: <mailto:stir@ietf.org>
List-Subscribe: <mailto:stir-join@ietf.org>
List-Unsubscribe: <mailto:stir-leave@ietf.org>
Hi Jon, I am in the process of doing the shepherd writeup for draft-ietf-stir-certificates-shortlived-03, and noted a few comments. Most are trivial and can be addressed when convenient, but there are a few that might cause confusion during IESG review and should be addressed prior to that. Thanks! Ben. ----------------- ##Standard Questions - Are you aware of any IPR that needs to be declared? - Do you still want your name on the resulting RFC? ## Substantive Comments ### Section 1 - “… this document revises the guidance of [RFC8224]…”: Should this draft formally update that RFC? If not, then maybe this should be reworded, otherwise there is a risk of the IESG getting wrapped around this axle. ### Section 4 - 2nd paragraph, “… this specification permits the conveyance”: IIUC, this specification _requires_ that conveyance for short-lived certs following this specification. - Last paragraph: We are not actually allowing that alternative approach to x5c, right? I think this sentence will cause confusion during the IESG review. Is it actually needed? ## Minor Comments and Nits ### Section 1 - Paragraph 1: “… the implementation of credentials which identify…”: s/which/that - “… this document revises the guidance of [RFC8224] to REQUIRE”: I’m guessing REQUIRE should not be capitalized, since this is a statement of fact, not an authoritative normative statement. ### Section 4: - Example PassPORT: Has this been verified mechanically ### Normative References - It seems like several of these could be informative and save people the problem of checking against the downref registry - Are [ATIS-0300251] and [DSS] actually cited in the document somewhere? If so, I missed it.
- [stir] Shepherd Review of draft-ietf-stir-certifi… Ben Campbell
- [stir] Re: Shepherd Review of draft-ietf-stir-cer… Peterson, Jon
- [stir] Re: Shepherd Review of draft-ietf-stir-cer… James Olorundare
- [stir] Re: Shepherd Review of draft-ietf-stir-cer… Peterson, Jon