[stir] Alexey Melnikov's No Objection on draft-ietf-stir-certificates-12: (with COMMENT)
Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 23 March 2017 11:24 UTC
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-certificates@ietf.org, Robert Sparks <rjsparks@nostrum.com>, stir-chairs@ietf.org, rjsparks@nostrum.com, stir@ietf.org
Message-ID: <149026828180.22395.16713730674960521619.idtracker@ietfa.amsl.com>
Date: Thu, 23 Mar 2017 04:24:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/i8ELNaGewWDEdkQDorUo_yNfOWk>

Alexey Melnikov has entered the following ballot position for
draft-ietf-stir-certificates-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for addressing my DISCUSS.

The latest revision has introduced some minor errors which I don't think
are intentional:

   8. JWT Claim Constraints Syntax

   The subjects of certificates containing the JWT Claim Constraints
   certificate extension are specifies values for PASSporT claims that
   are permitted, values for PASSporT claims that are excluded, or both.
   The syntax of these claims is given in PASSporT; specifying new
   claims follows the procedures in [I-D.ietf-stir-passport]
   (Section 8.3). When a verifier is validating PASSporT claims, the JWT
   claim MUST contain permitted values, and MUST NOT contain excluded
   values. The non-critical JWT Claim Constraints certificate extension
   is included in the extension field of end entity certificates
   [RFC5280]. The extension is defined with ASN.1 [X.680][X.681][X.682]
   [X.683].

The above text lists "excluded" claims several times, but you removed
excluded from the ASN.1:

   JWTClaimConstraint ::= SEQUENCE {
     claim IA5String,
     permitted SEQUENCE OF IA5String }

So I think the text needs to be edited to be correct or you need to fix
the ASN.1.

In Section 9:

   ServiceProviderCodeList ::= SEQUENCE SIZE (1..3) OF IA%String

Typo: IA5String