[Trans] Bad Technical Decision: Closing out the SCT encoding discussion
Russ Housley <housley@vigilsec.com> Fri, 13 March 2015 18:58 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0675C1A8ACA for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 11:58:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.9
X-Spam-Level:
X-Spam-Status: No, score=-103.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7LmFk2AFOe9W for <trans@ietfa.amsl.com>; Fri, 13 Mar 2015 11:58:55 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 1872F1A8AB6 for <trans@ietf.org>; Fri, 13 Mar 2015 11:58:55 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 903949A4030; Fri, 13 Mar 2015 14:58:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id kjz95nXuZhxq; Fri, 13 Mar 2015 14:58:43 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-133-185.washdc.fios.verizon.net [96.255.133.185]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id B413F9A401B; Fri, 13 Mar 2015 14:58:43 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <550257A0.8050401@gmail.com>
Date: Fri, 13 Mar 2015 14:58:32 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <B87AFA6C-2B9F-474C-AE0F-BF07829CD139@vigilsec.com>
References: <550257A0.8050401@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/9MZmgu4_0Pn-_H26M-_HRo_7FYA>
Cc: Paul Wouters <paul@nohats.ca>, trans@ietf.org, Melinda Shore <melinda.shore@gmail.com>
Subject: [Trans] Bad Technical Decision: Closing out the SCT encoding discussion
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2015 18:58:57 -0000
Stephen: I strongly disagree with this technical decision. The content of certificate extensions should be OCTET STRING wrapped ASN.1 structures, and I pointed out the text in RFC 2459 (that remains in RFC 5280) during this discussion. I am quite concerned with (4) listed below. I hope you will revisit this decision. Please treat this as the first step in the appeal of this technical decision. Russ On Mar 12, 2015, at 11:21 PM, Melinda Shore wrote: > Hi, all: > > We've been banging away on the SCT encoding issue for a year, > and we really must close it out. Paul and I have been doing due > diligence on the issue in the background. We made a concerted effort > to find technical problems with the current text that would exclude the > possibility of allowing it in the -bis document. Here's what we found: > > 1) The proposed encoding does not violate the letter of any > specification that we can find, > 2) Peter Gutmann said that it's not a good idea but it isn't > incorrect, > 3) We checked with the authors of several widely-used pieces of > certificate processing software and in every case that person > said that the proposed encoding would not cause problems with > their code, and > 4) We verified that the IETF security ADs would not reject the > encoding during IESG review > > Basically, in a nutshell, where we've landed is that while the current > encoding probably isn't the best idea ever, it doesn't violate any > specification that anybody could identify and it doesn't appear to > break anything. So, it's going to stand. We will not be revisiting > this issue unless new information is presented. This includes > discussion at the upcoming meeting in Dallas. > > Thanks, > > Melinda and Paul > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans
- Re: [Trans] Bad Technical Decision: Closing out t… Paul Wouters
- Re: [Trans] Bad Technical Decision: Closing out t… Nico Williams
- [Trans] Closing out the SCT encoding discussion Melinda Shore
- [Trans] Bad Technical Decision: Closing out the S… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Russ Housley
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Rob Stradling
- Re: [Trans] Bad Technical Decision: Closing out t… Stephen Farrell
- Re: [Trans] Bad Technical Decision: Closing out t… Erwann Abalea
- Re: [Trans] Bad Technical Decision: Closing out t… Nico Williams