[stir] WGLC: draft-ietf-stir-cert-delegation-03

Russ Housley <housley@vigilsec.com> Tue, 04 August 2020 20:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/SJkVaDIPxetOB70a5mD8c9Cv8dM>

I reviewed draft-ietf-stir-cert-delegation-03 to see whether my comments against the previous version were resolved.  They were.

While doing the review, I discovered two very minor editorial nits (see below).  These nits should not block progress to the IESG, but they should be fixed with any other comments that come up during IETF Last Call.

Nit in Section 5.1, para 1.  The last sentence says:

   Authentication services SHOULD NOT use a
   delegate certificate without validating that its scope of authority
   is encompassed by that of its parent certificate, and if that
   certificate has a own parent, the entire certification path SHOULD be
   validated.

It looks like you were interrupted while editing this sentence.  Please drop "own".

In addition, there is an outdated reference; draft-ietf-acme-star has been published as RFC 8739.

Russ