Re: [stir] Kathleen Moriarty's No Objection on draft-ietf-stir-certificates-11: (with COMMENT) Thu, 03 November 2016 12:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E1205129578; Thu, 3 Nov 2016 05:52:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Pa2rP4Sn2mBp; Thu, 3 Nov 2016 05:52:11 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 573B712958E; Thu, 3 Nov 2016 05:52:11 -0700 (PDT)
Received: by with SMTP id l20so1670108qta.1; Thu, 03 Nov 2016 05:52:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=O98k7Gsb6hYukNkOSvfKUlrLXheAnfLQtgcSD/sjZh0=; b=lA4E4mYQtNUGEIYkL+P9sGznViMgmcfhshfoJgSS9jaeaE2tGq4GofziqEEBE47JUR B0MHBb6v3NcO4DN9L840aP2yYBt5+uPEvFd9p/UKZ8yD83n1yFZibUolMawkOGlXQKOm sd3ujl/+ufTfz3zyHgQAK3rDKnhOrEv2S24YK8Zxwr0zqZK+LACDGZzMyZydxe9AsB2m t0O5UfF2zZshfiEJFJP7HhECMFTRW9IBI8T0AolYVzHm00fwA+mZ8YKybaVkcAgA3tFL GecswAsFkxtmFzcz/RRv7ix7SKmbapGS+lW8MQeJVyh0pCj4BTpZDGE4qoU/7PB/3YY5 efPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=O98k7Gsb6hYukNkOSvfKUlrLXheAnfLQtgcSD/sjZh0=; b=NG3N5MZx1dK5X619PUeFoH/trGQU5C/HDr/mRDM17eV8wqK/op8wG0/Gt7HGRpI2ux eUzjIhtx7CJquovD1AD5dp1nisjqAhmW8E1qv2rCCDp2WSg1IPyI0j4C9rBf5I6ecc2a I0bXfuzklgAv+eawvGXPu47D+W4wd9nLtmPS8mCbvVm774/Ut7zE7lFg6sQ9Y5Rn8Nib iKick39bKKZv8y6zPzrMkd37YvFkT11s/aUT3ZxPmhBQ9hae1ElHks2cPkTCnTDFDJ+H PJMF+v+nmEP6XJjpDyuvK6m1aqJ04u+D460iJQMMi22xKiwWwbebZ9HNHf5Twd9UPnu1 5p4w==
X-Gm-Message-State: ABUngvdOzIdtJNjAY9UD92kDm7Fu24HyBMO5OvYV0h11fXlZUJOhex3CpmBUrOEnaE0dqg==
X-Received: by with SMTP id 4mr7951470qtg.56.1478177530470; Thu, 03 Nov 2016 05:52:10 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id 8sm4309989qty.2.2016. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 03 Nov 2016 05:52:10 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Date: Thu, 03 Nov 2016 08:52:06 -0400
Message-Id: <>
References: <> <>
In-Reply-To: <>
To: Sean Turner <>
X-Mailer: iPhone Mail (13G36)
Archived-At: <>
Cc:,, The IESG <>,, Robert Sparks <>
Subject: Re: [stir] Kathleen Moriarty's No Objection on draft-ietf-stir-certificates-11: (with COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Nov 2016 12:52:14 -0000

Hi Sean,

Please excuse typos, sent from handheld device 

> On Nov 2, 2016, at 9:01 PM, Sean Turner <> wrote:
>> On Nov 02, 2016, at 14:46, Kathleen Moriarty <> wrote:
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-stir-certificates-11: No Objection
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> Please refer to
>> for more information about IESG DISCUSS and COMMENT positions.
>> The document, along with other ballot positions, can be found here:
>> ----------------------------------------------------------------------
>> ----------------------------------------------------------------------
>> Introduction: nit,
>>  Robocallers use impersonation as a means
>>  of obscuring identity; while robocallers can, in the ordinary PSTN,
>>  block (that is, withhold) their caller identity, callees are less
>>  likely to pick up calls from blocked identities, and therefore
>>  appearing to calling from some number, any number, is preferable.
>> s/appearing to calling/appearing to call/
>> Section 10.2.1:
>> I'm wondering why SHA-1 is described as follows instaed of
>> discouraged/not allowed ...
>> o  There is no requirement to support SHA-1, RSA with SHA-1, or DSA
>>     with SHA-1.
> This is really kind of a heads up/observation for implementers.  We didn’t think it necessary to fight the SHA-1 die-die-die fight to get this draft published.  In other words, this bullet could safely be dropped if it turns into a thing.

No problem, that's why I just had this as a comment.
>> I don't see any references to RFCs that update RFC5280, like RFC6818.  It
>> would be good to include these when 5280 is used for revocation methods
>> mentioned.  6818 is for CRLs.
> There’s only one RFC that updates 5280 - 6818 ;)  I guess this gets down to your philosophy on the updates header.  YMMV, but if an RFC updates a previous one then referring to the updated RFC really ought to pull in the all the updates because it’s expected that all implementations of the original RFC also implemented the updates.  Adding the additional references would be the cautious thing to do but I’m thinking it shouldn’t be required that we do that.  Also note we 2119-recommend OCSP :)

Ok, sounds good.  When I look at 5280, I didn't see a forward reference to the updates, hence this comment for developers not as familiar with RFCs.  It's just a comment, so I'm fine either way.

> spt