Re: [stir] WGLC: draft-ietf-stir-cert-delegation-03

"Peterson, Jon" <jon.peterson@team.neustar> Wed, 05 August 2020 15:56 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>
Date: Wed, 05 Aug 2020 15:56:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/IxIYn3lnh0PsYurXIrn8z9wtVZs>
Subject: Re: [stir] WGLC: draft-ietf-stir-cert-delegation-03

Thanks Russ, we'll fix those on the way through IETF LC.

Jon Peterson
Neustar, Inc.

On 8/4/20, 1:19 PM, "stir on behalf of Russ Housley" <stir-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:

    I reviewed draft-ietf-stir-cert-delegation-03 to see whether my comments against the previous version were resolved.  They were.
    
    While doing the review, I discovered two very minor editorial nits (see below).  These nits should not block progress to the IESG, but they should be fixed with any other comments that come up during IETF Last Call.
    
    Nit in Section 5.1, para 1.  The last sentence says:
    
       Authentication services SHOULD NOT use a
       delegate certificate without validating that its scope of authority
       is encompassed by that of its parent certificate, and if that
       certificate has a own parent, the entire certification path SHOULD be
       validated.
    
    It looks like you were interrupted while editing this sentence.  Please drop "own".
    
    In addition, there is an outdated reference; draft-ietf-acme-star has been published as RFC 8739.
    
    Russ
    