Re: [stir] I-D Action: draft-ietf-stir-certificates-17.txt
Russ Housley <housley@vigilsec.com> Sat, 16 December 2017 00:59 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC4FC128896 for <stir@ietfa.amsl.com>; Fri, 15 Dec 2017 16:59:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qlL46jXAEZ_p for <stir@ietfa.amsl.com>; Fri, 15 Dec 2017 16:59:20 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 311321201FA for <stir@ietf.org>; Fri, 15 Dec 2017 16:59:20 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9157D3005D9 for <stir@ietf.org>; Fri, 15 Dec 2017 19:59:19 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kk1Sh3P30jtP for <stir@ietf.org>; Fri, 15 Dec 2017 19:59:18 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 890AA300293; Fri, 15 Dec 2017 19:59:18 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CABkgnnXf01yfh2pfo+RqTjAfEr0KUGm1U=WFt0vHAZ=ScrWYHA@mail.gmail.com>
Date: Fri, 15 Dec 2017 19:59:17 -0500
Cc: IETF STIR Mail List <stir@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C0CFC6CC-3BE1-4F3A-924E-BA1017941A17@vigilsec.com>
References: <151326691971.6099.4107849780973461328@ietfa.amsl.com> <7E30739D-C21C-466E-8C3A-8395171C253D@sn3rd.com> <CABkgnnXCizOyLkJzSR-MHo97O2feOiGXfOVFZeQPoNzj4m452g@mail.gmail.com> <07AB7CB1-E5A2-45EE-B90E-B11E6A04C018@sn3rd.com> <1AF855C9-7129-4098-A137-2CF6099A3A1C@vigilsec.com> <c03d5092-5646-0807-3e16-864aeeb3e413@alum.mit.edu> <333F2A6D-6CAF-4480-A448-06B76E1B397E@vigilsec.com> <CABkgnnXf01yfh2pfo+RqTjAfEr0KUGm1U=WFt0vHAZ=ScrWYHA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/zG5vOenEyeh2m5PUKAroYMkBgwI>
Subject: Re: [stir] I-D Action: draft-ietf-stir-certificates-17.txt
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Dec 2017 00:59:22 -0000
> On Dec 15, 2017, at 6:08 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On Fri, Dec 15, 2017 at 3:45 PM, Russ Housley <housley@vigilsec.com> wrote: >> To be clear, there is not a security issue here. "123" + 900 and "123" + 876 specify the same block of numbers. If a certificate issuer says "123" + 900, do we really want to reject the certificate as badly formed? > > Yup. > >> Does anyone have language to make "123" + 876 the preferred encoding? > > OLD: > count never > makes the number increase in length (i.e., a TelephoneNumberRange > with TelephoneNumber=10 with a count=91 will address numbers > 10-99); formally, given the inputs count and TelephoneNumber of > length D the end of the TelephoneNumberRange is: > MIN(TelephoneNumber + count, 10^D - 1). > NEW: > count MUST NOT make the number increase in length (i.e., a > TelephoneNumberRange > with TelephoneNumber=10 with a count=91 is invalid); formally, > given the inputs count and TelephoneNumber of > length D TelephoneNumber + count MUST be less than 10^D. > > That is, treat "123"+900 the same way you would a range with a > negative count "123"+(-10). Note, the ASN.1 syntax requires the count to be an INTEGER greater than 2. Russ
- [stir] I-D Action: draft-ietf-stir-certificates-1… internet-drafts
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Sean Turner
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Martin Thomson
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Sean Turner
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Sean Turner
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Martin Thomson
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Russ Housley
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Paul Kyzivat
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Russ Housley
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Martin Thomson
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Russ Housley
- Re: [stir] I-D Action: draft-ietf-stir-certificat… Russ Housley