[Trans] Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
Roman Danyliw <rdd@cert.org> Mon, 24 February 2020 20:44 UTC
Return-Path: <rdd@cert.org>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3E43A12C5 for <trans@ietfa.amsl.com>; Mon, 24 Feb 2020 12:44:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BTrfpNOpPthb for <trans@ietfa.amsl.com>; Mon, 24 Feb 2020 12:44:37 -0800 (PST)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC7423A12C7 for <trans@ietf.org>; Mon, 24 Feb 2020 12:44:37 -0800 (PST)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 01OKiajm037546 for <trans@ietf.org>; Mon, 24 Feb 2020 15:44:36 -0500
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 01OKiajm037546
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1582577076; bh=QzcyGeDkekvvqavViadq6gqgBxpLZG+sZsS7dsIHY1w=; h=From:To:Subject:Date:From; b=AMW1+mK5tzDjUCeCpA6SJ69suIrTzwqzXDfAEAfS/XRVgivhR7Nzf8UolHq/LKHre /PGuhWptbTMimrrl/K/b0Y/ssY5iXqSGPv942InNMhxGnIwFUDxhIdD8GlVJeNPU84 D2JrK0VYXrupjcJuWbjoB1Nhd3GK3H9Hi4L2H0Mg=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 01OKiYmp038470 for <trans@ietf.org>; Mon, 24 Feb 2020 15:44:34 -0500
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0468.000; Mon, 24 Feb 2020 15:44:34 -0500
From: Roman Danyliw <rdd@cert.org>
To: "trans@ietf.org" <trans@ietf.org>
Thread-Topic: Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
Thread-Index: AdXrTUfm8XWVAz9CSdW38cgkiAaelg==
Date: Mon, 24 Feb 2020 20:44:33 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC0216F4C1D7@marchand>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/99z1vzydfaF8iwN0a5lOa88Bq4k>
Subject: [Trans] Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 20:44:39 -0000
Hi! I just balloted YES with a few comments on draft-ietf-trans-rfc6962-bis. To follow-up on Paul's earlier summary [1], I saw that some discussion has occurred in response to the IESG ballot but wanted to check-in with the authors on the disposition of addressing the remaining DISCUSS items. [1] https://mailarchive.ietf.org/arch/msg/trans/9zGMHr_Fu1EefWbvthvqSANl3nA/ ==[ Ben Kaduk From: https://mailarchive.ietf.org/arch/msg/trans/2Sc26GMFwQnTRl5DEEk_-51ABFU/ Item #1 Sections 4.11 and 4.12 have arrays of NodeHash to carry consistency and inclusion proofs, respectively, with minimum array size of 1. However, Sections 2.1.4.1 and 2.1.3.1 (respectively) seem to admit the possibility of zero-length proofs in degenerate cases, which the aforementioned protocol description language forbids the conveyance of. (Section 5.3 explicitly requires the use of an empty consistency proof.) Do those minimum array sizes need to be (implicit) zero? (If they do not, it seems that a minimum size of 32 would have the same effect as that of one, since a NodeHash has minimum size 32.) Item #2 In Section 6: o An Online Certificate Status Protocol (OCSP) [RFC6960] response extension (see Section 7.1.1), where the OCSP response is provided in the "CertificateStatus" message, provided that the TLS client included the "status_request" extension in the (extended) "ClientHello" (Section 8 of [RFC6066]). [...] This is not quite a TLS 1.3-compliant formulation -- TLS 1.3 does not use the "CertificateStatus message", but rather uses the encoding of that structure in a status_request extension in the CertificateEntry. draft-ietf-trans-rfc6962-bis === ==[ Mirja Kühlewind From: https://mailarchive.ietf.org/arch/msg/trans/0R9dKzZ4h2bLQX4pyHqwdA4uVdo/ There was a presentation at maprg IETF 103 about the question if CT helps attackers to find new domains. I think this risk should at least be mentioned in the security considerations section. [Roman] Pending review by Mirja. Section 11.6 was added. === ==[ Alexey Melnikov From: https://mailarchive.ietf.org/arch/msg/trans/qiURoDHiWrP1l7X3WY9RRvYrWFg/ 5. Log Client Messages type: A URN reference identifying the problem. To facilitate automated response to errors, this document defines a set of standard tokens for use in the "type" field, within the URN namespace of: "urn:ietf:params:trans:error:". I think you need to register this in <https://www.iana.org/assignments/params/params.xhtml#params-1> === Regards, Roman
- [Trans] Summary of DISCUSS items for draft-ietf-t… Roman Danyliw
- Re: [Trans] Summary of DISCUSS items for draft-ie… Roman Danyliw
- Re: [Trans] Summary of DISCUSS items for draft-ie… Salz, Rich
- Re: [Trans] Summary of DISCUSS items for draft-ie… Roman Danyliw
- Re: [Trans] Summary of DISCUSS items for draft-ie… Salz, Rich
- Re: [Trans] Summary of DISCUSS items for draft-ie… Salz, Rich
- Re: [Trans] Summary of DISCUSS items for draft-ie… Roman Danyliw
- Re: [Trans] Summary of DISCUSS items for draft-ie… Paul Wouters
- Re: [Trans] Summary of DISCUSS items for draft-ie… Salz, Rich
- Re: [Trans] Summary of DISCUSS items for draft-ie… Roman Danyliw