[stir] Alexey Melnikov's No Objection on draft-ietf-stir-certificates-12: (with COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 23 March 2017 11:24 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: stir@ietf.org
Delivered-To: stir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C7FD6129681; Thu, 23 Mar 2017 04:24:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-stir-certificates@ietf.org, Robert Sparks <rjsparks@nostrum.com>, stir-chairs@ietf.org, rjsparks@nostrum.com, stir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.48.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149026828180.22395.16713730674960521619.idtracker@ietfa.amsl.com>
Date: Thu, 23 Mar 2017 04:24:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/i8ELNaGewWDEdkQDorUo_yNfOWk>
Subject: [stir] Alexey Melnikov's No Objection on draft-ietf-stir-certificates-12: (with COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 11:24:42 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-stir-certificates-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for addressing my DISCUSS. The latest revision has introduced
some minor errors which I don't think are intentional:

8.  JWT Claim Constraints Syntax

   The subjects of certificates containing the JWT Claim Constraints
   certificate extension are specifies values for PASSporT claims that
   are permitted, values for PASSporT claims that are excluded, or both.
   The syntax of these claims is given in PASSporT; specifying new
   claims follows the procedures in [I-D.ietf-stir-passport]
   (Section 8.3).  When a verifier is validating PASSporT claims, the
   JWT claim MUST contain permitted values, and MUST NOT contain
   excluded values.  The non-critical JWT Claim Constraints certificate
   extension is included in the extension field of end entity
   certificates [RFC5280].  The extension is defined with ASN.1
   [X.680][X.681][X.682] [X.683].

The above text lists "excluded" claims several times, but you removed
excluded from the ASN.1:

    JWTClaimConstraint ::= SEQUENCE {
      claim IA5String,
      permitted SEQUENCE OF IA5String
    }

So I think the text needs to be edited to be correct, or you need to fix
the ASN.1.

In Section 9:

    ServiceProviderCodeList ::= SEQUENCE SIZE (1..3) OF
      IA%String

Typo: IA5String
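The verifier-side rule quoted from Section 8 above (for each constrained claim, the PASSporT value MUST be among the permitted values and MUST NOT be among the excluded values), as an added Python model that is not part of this message or of the draft. The constraint container is an ordinary mapping standing in for the certificate extension and takes no position on the ASN.1 question raised in the comment; JWS signature verification is left out; and the telephone numbers, the x5u URL and the treatment of an absent constrained claim are constructed assumptions.

```python
"""Added example: a verifier applying JWT Claim Constraints to a PASSporT.

For each constrained claim, the PASSporT value(s) MUST be among the permitted
values (when a permitted list is present) and MUST NOT be among the excluded
values. The constraint container is a plain dict standing in for the
certificate extension; it is not the draft's ASN.1. Signature verification of
the JWS is deliberately omitted.
"""
import base64
import json


def b64url_encode(data: bytes) -> str:
    # JWS base64url: URL-safe alphabet with the padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding JWS strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_unsigned_passport(claims: dict) -> str:
    """Build a compact JWS with an empty signature part (constructed sample)."""
    # The x5u value is a hypothetical URL, not one from the draft.
    header = {"alg": "ES256", "typ": "passport", "x5u": "https://cert.example/sp.cer"}

    def enc(obj: dict) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

    return f"{enc(header)}.{enc(claims)}."


def passport_claims(compact_jws: str) -> dict:
    """Return the decoded payload; the signature over it is not checked here."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def claim_values(claims: dict, name: str) -> set:
    """Flatten a claim to the set of strings a constraint is compared against.

    'orig' and 'dest' carry identities as an object ('tn' string, or a list
    of them for 'dest'); scalar claims compare as their own string form.
    """
    value = claims.get(name)
    if value is None:
        return set()
    if isinstance(value, dict):
        flat = set()
        for inner in value.values():
            if isinstance(inner, list):
                flat.update(str(x) for x in inner)
            else:
                flat.add(str(inner))
        return flat
    if isinstance(value, list):
        return {str(x) for x in value}
    return {str(value)}


def check_constraints(claims: dict, constraints: dict) -> list:
    """Return violation strings; an empty list means every constraint is met."""
    violations = []
    for name, rule in constraints.items():
        permitted = set(rule.get("permitted", ()))
        excluded = set(rule.get("excluded", ()))
        values = claim_values(claims, name)
        # Assumption: a permitted list can only be satisfied by a present claim,
        # while an exclusion-only rule is trivially met when the claim is absent.
        if permitted and not values:
            violations.append(f"{name}: claim absent but permitted values are required")
            continue
        not_permitted = values - permitted if permitted else set()
        if not_permitted:
            violations.append(f"{name}: {sorted(not_permitted)} not among permitted values")
        hit = values & excluded
        if hit:
            violations.append(f"{name}: {sorted(hit)} are excluded values")
    return violations


# Constructed sample constraint set and PASSporTs (hypothetical numbers).
SAMPLE_CONSTRAINTS = {
    "orig": {"permitted": ["12155551212", "12155551213"]},
    "dest": {"excluded": ["19005551212"]},
}
GOOD_CLAIMS = {"iat": 1490268281, "orig": {"tn": "12155551212"}, "dest": {"tn": ["12155551214"]}}
BAD_CLAIMS = {"iat": 1490268281, "orig": {"tn": "12155559999"}, "dest": {"tn": ["19005551212"]}}


def run_demo() -> tuple:
    """Run both samples through the verifier and return their violation lists."""
    good = check_constraints(passport_claims(make_unsigned_passport(GOOD_CLAIMS)), SAMPLE_CONSTRAINTS)
    bad = check_constraints(passport_claims(make_unsigned_passport(BAD_CLAIMS)), SAMPLE_CONSTRAINTS)
    return good, bad


if __name__ == "__main__":
    good, bad = run_demo()
    print("good PASSporT:", good or "passes")
    for violation in bad:
        print("bad PASSporT:", violation)
```

Keeping "permitted" and "excluded" as separate lists per claim mirrors the two MUST clauses in the quoted text; if the ASN.1 ends up carrying only permitted values, the exclusion branch simply never fires.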