Re: [Trans] overview of remaining(?) DISCUSS items for draft-ietf-trans-rfc6962-bis-33

Rob Stradling <rob@sectigo.com> Wed, 25 September 2019 11:16 UTC

From: Rob Stradling <rob@sectigo.com>
To: Paul Wouters <paul@nohats.ca>, Andrew Ayer <agwa@andrewayer.name>
CC: Alissa Cooper <alissa@cooperw.in>, Trans <trans@ietf.org>
Date: Wed, 25 Sep 2019 11:16:06 +0000
Message-ID: <2fa45a40-c12c-4d85-a0ab-17c83fdd2443@sectigo.com>
References: <alpine.LRH.2.21.1909181506160.11898@bofh.nohats.ca> <b6ec6a38-a4c2-64b4-0584-d13deead2605@sectigo.com> <alpine.LRH.2.21.1909191211080.29314@bofh.nohats.ca> <4632c221-c207-72c4-83c3-ecc8dcbf2ba7@sectigo.com> <alpine.LRH.2.21.1909231733480.23118@bofh.nohats.ca> <20190924075519.6a9daab1def6475bd26e5370@andrewayer.name> <alpine.LRH.2.21.1909241335180.9491@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1909241335180.9491@bofh.nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/1D4BxFv1-c98vb1deFjwc736FAQ>

On 24/09/2019 18:38, Paul Wouters wrote:
> On Tue, 24 Sep 2019, Andrew Ayer wrote:
> 
>>> While I agree with you, I am just a WG chair. So we need to hear a few
>>> more opinions of people and then if there is a consensus, we can go
>>> ahead and make this change.
>>
>> I'm also not sure what "this change" would be, but I agree with the
>> other comments here that CT shouldn't provide a mechanism for logs to
>> change URL.
> 
> I meant the clarification text of Base URL change (versus a potential
> other consensus of text that would allow updating the base url)
> 
> I'm not sure what the policy is for declaring a registry append only.
> Maybe leave a comment in for IANA whether or not that needs text?

In -33, section 10.6.1 says:
   "Each application for the allocation of a Log ID MUST be accompanied
    by:
      - the Log's Base URL (see Section 4.1).
      - a Contact (including contact information), from whom further
        information can be obtained.
      - an Owner (including contact information), who is authorized to
        change this Log ID allocation."

I think we should fold "Owner" and "Contact" into just one field named 
"Log Operator", and clarify that the only part of a Log ID Registry 
entry that can be updated is the log operator's contact information.

Also, given that log operators are permitted to allocate Log IDs from 
other OID arcs (see section 4.4), ISTM that we also need to update 
section 4.1 to say that a log's Base URL is immutable.

Furthermore, ISTM that it would help to be explicit about the 
immutability of each and every log parameter.

Here's a PR that attempts to resolve all of the above:
https://github.com/google/certificate-transparency-rfcs/pull/314

> Or alternatively, in the text for the Expert Review, mention the
> registry is strictly append-only ?

There is no Expert Review text relating to the Log ID Registry.

-- 
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
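Rob's proposal above (an append-only registry, Log ID and Base URL immutable once allocated, and the log operator's contact information as the only field that may later change) can be stated as an invariant and checked mechanically. The following is an added example written for this page; it is not code from the thread, the draft, or PR 314. The `LogIdRegistry` class, the `MUTABLE_FIELDS` set, and the sample OID, URL and contact values are assumptions constructed for illustration.

```python
"""Added example (not part of the original thread, the draft or PR 314):
a model of the proposed Log ID registry rule. Allocations are append-only,
Log ID and Base URL never change, and only the contact information of the
log operator may be updated. Field names and sample values are constructed."""

from dataclasses import dataclass, fields, replace
from typing import Dict, Set

# Fields that may be changed after allocation. Everything else is immutable.
MUTABLE_FIELDS = frozenset({"contact"})


class RegistryError(ValueError):
    """Raised when an allocation or update would violate the registry rules."""


@dataclass(frozen=True)
class LogEntry:
    log_id: str        # OID allocated to the log (section 4.4 of the draft)
    base_url: str      # the log's Base URL (section 4.1); immutable
    log_operator: str  # who is authorized to change this entry
    contact: str       # contact information; the only mutable part


class LogIdRegistry:
    def __init__(self) -> None:
        self._entries: Dict[str, LogEntry] = {}

    def allocate(self, entry: LogEntry) -> None:
        """Append a new allocation; an existing Log ID is never reused."""
        if entry.log_id in self._entries:
            raise RegistryError(f"Log ID {entry.log_id} is already allocated")
        self._entries[entry.log_id] = entry

    def changed_fields(self, proposed: LogEntry) -> Set[str]:
        """Names of fields that differ between the stored entry and a proposal."""
        current = self._entries[proposed.log_id]
        return {
            f.name for f in fields(LogEntry)
            if getattr(current, f.name) != getattr(proposed, f.name)
        }

    def update(self, proposed: LogEntry) -> LogEntry:
        """Accept an update only if it touches mutable fields alone."""
        if proposed.log_id not in self._entries:
            raise RegistryError(f"Log ID {proposed.log_id} is not allocated")
        illegal = self.changed_fields(proposed) - MUTABLE_FIELDS
        if illegal:
            raise RegistryError(
                f"immutable field(s) {sorted(illegal)} may not change "
                f"for Log ID {proposed.log_id}"
            )
        self._entries[proposed.log_id] = proposed
        return proposed

    def remove(self, log_id: str) -> None:
        """The registry is append-only, so removal is always refused."""
        raise RegistryError("registry is append-only; entries cannot be removed")

    def get(self, log_id: str) -> LogEntry:
        return self._entries[log_id]


def demo() -> dict:
    """Run the three cases discussed in the thread and report each outcome."""
    reg = LogIdRegistry()
    # Constructed placeholder values; this is not a real log.
    entry = LogEntry(
        log_id="1.3.6.1.4.1.99999.1",           # placeholder OID
        base_url="https://ct.example.test/",    # placeholder Base URL
        log_operator="Example Log Operator",
        contact="ct-admin@example.test",
    )
    reg.allocate(entry)
    results = {}

    # 1. Updating only the contact information is permitted.
    reg.update(replace(entry, contact="ct-ops@example.test"))
    results["contact_updated"] = reg.get(entry.log_id).contact

    # 2. Changing the Base URL is refused and the stored entry is untouched.
    try:
        reg.update(replace(reg.get(entry.log_id),
                           base_url="https://ct2.example.test/"))
        results["base_url_change"] = "accepted"
    except RegistryError:
        results["base_url_change"] = "rejected"

    # 3. Re-allocating an already allocated Log ID is refused.
    try:
        reg.allocate(entry)
        results["duplicate_allocation"] = "accepted"
    except RegistryError:
        results["duplicate_allocation"] = "rejected"

    results["stored_base_url"] = reg.get(entry.log_id).base_url
    return results


if __name__ == "__main__":
    print(demo())
```

The check is deliberately field-based rather than case-by-case: a proposed entry is diffed against the stored one, and any difference outside `MUTABLE_FIELDS` is rejected, so adding a new immutable parameter to `LogEntry` is protected without further code.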