Re: [Trans] Use of private OIDs in WG document

Russ Housley <housley@vigilsec.com> Sun, 29 March 2015 16:01 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <551638A0.5060007@openca.org>
Date: Sun, 29 Mar 2015 12:00:45 -0400
Message-Id: <D7A1D4A7-AF13-4116-B6D1-4AE71D55DF5D@vigilsec.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AAFB6418@uxcn10-5.UoA.auckland.ac.nz> <C961CE34-4F55-4B11-86D7-1566B701911D@seantek.com> <5512C9C7.70202@comodo.com> <55159714.1070902@openca.org> <5515EB25.2090206@openca.org> <2ebf955d99414800bfefd7a6edd814dd@usma1ex-dag1mb2.msg.corp.akamai.com> <551638A0.5060007@openca.org>
To: Massimiliano Pala <director@openca.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/AKfsVy68d1M8P-jnmY9asiJ0_7I>
Cc: trans@ietf.org
Subject: Re: [Trans] Use of private OIDs in WG document

In this case, the document was published with OIDs from a non-IETF OID arc long ago.  I see no reason to disrupt those implementations, and in fact, having two OIDs with exactly the same semantics is confusing.

If new OIDs are needed, we ought to assign them from an IETF arc managed by IANA.

Russ


On Mar 28, 2015, at 1:14 AM, Massimiliano Pala wrote:

> Hi Rich,
> 
> I do not think there is any precedent for using private OIDs in I-Ds - the use of Google's OIDs is ok at Google, not for a standard. The first reason is that Google controls its own sub-tree and can change the sub-tree at any time - not appropriate for an RFC. The second reason is that, since the document is defining extensions for certificates and OCSP messages (both under PKIX), the natural place is actually under PKIX.
> 
> I also want to point out that OIDs are not just opaque identifiers - if that were the case, we would not use a hierarchical structure. The sub-tree where the OID is located is actually important.
> 
> This said, I have two questions for you:
> Why would this not be the appropriate base OID?
> Which base OID are you referring to when you say "under IETF"?
> Cheers,
> Max
> 
> 
> On 3/27/15 10:58 PM, Salz, Rich wrote:
>> OIDs are just distributed opaque identifiers.  Doesn't bother me, but if the WG wants to change OIDs and break deployed software, go for it.
>>  
>> It might be hard to get a PKIX arc.  A Trans arc under IETF seems more feasible.
>>  
>> -- 
>> Senior Architect, Akamai Technologies
>> IM: richsalz@jabber.at Twitter: RichSalz
>> 
>> 
>> _______________________________________________
>> Trans mailing list
>> Trans@ietf.org
>> https://www.ietf.org/mailman/listinfo/trans