IETF Logo Mail Archive

Re: [Trans] Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis

Roman Danyliw <rdd@cert.org> Wed, 03 June 2020 16:14 UTC

Return-Path: <rdd@cert.org>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1E663A0AD0 for <trans@ietfa.amsl.com>; Wed, 3 Jun 2020 09:14:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mi3DyEH3BKE0 for <trans@ietfa.amsl.com>; Wed, 3 Jun 2020 09:14:35 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 870793A0855 for <trans@ietf.org>; Wed, 3 Jun 2020 09:14:14 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 053GEDO5007708 for <trans@ietf.org>; Wed, 3 Jun 2020 12:14:13 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 053GEDO5007708
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1591200853; bh=62F0dd16yy45u3J3CzEw5SMcCplJNm6EvXNSu9zEFoA=; h=From:To:Subject:Date:References:In-Reply-To:From; b=LBNMe8Ae7r/rXptiKuGRqJsSPHldCAK+Okta08zXEzA+Ck54K5N4zgaXr2Pjswnrr zWBhMLMzHKiu6JG8ilSmrs4vi3MS3bywx3bs+hhv/S0XjpQVP7ASSyOMmUpOGCVo95 YidXCS7XoLBF/EOMqGR6TKuxnYR1z0aYbmRmg1b8=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 053GEA4W015497 for <trans@ietf.org>; Wed, 3 Jun 2020 12:14:10 -0400
Received: from MURIEL.ad.sei.cmu.edu (147.72.252.47) by CASCADE.ad.sei.cmu.edu (10.64.28.248) with Microsoft SMTP Server (TLS) id 14.3.487.0; Wed, 3 Jun 2020 12:14:10 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Wed, 3 Jun 2020 12:14:09 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Wed, 3 Jun 2020 12:14:09 -0400
From: Roman Danyliw <rdd@cert.org>
To: Roman Danyliw <rdd@cert.org>, "trans@ietf.org" <trans@ietf.org>
Thread-Topic: Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
Thread-Index: AdXrTUfm8XWVAz9CSdW38cgkiAaelhOZ9Hfw
Date: Wed, 03 Jun 2020 16:14:09 +0000
Message-ID: <aff4b854accd4668a6441cd5c43c951e@cert.org>
References: <359EC4B99E040048A7131E0F4E113AFC0216F4C1D7@marchand>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC0216F4C1D7@marchand>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.162]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/B1tDkOqm5AKzygxwwOI5F84fSa4>
Subject: Re: [Trans] Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 16:14:44 -0000

Hi!

I'm checking in again. Inline ...

> -----Original Message-----
> From: Trans <trans-bounces@ietf.org> On Behalf Of Roman Danyliw
> Sent: Monday, February 24, 2020 3:45 PM
> To: trans@ietf.org
> Subject: [Trans] Summary of DISCUSS items for draft-ietf-trans-rfc6962-bis
> 
> Hi!
> 
> I just balloted YES with a few comments on draft-ietf-trans-rfc6962-bis.  To
> follow-up on Paul's earlier summary [1], I saw that some discussion has
> occurred in response to the IESG ballot but wanted to check-in with the authors
> on the disposition of addressing the remaining DISCUSS items.
> 
> [1]
> https://mailarchive.ietf.org/arch/msg/trans/9zGMHr_Fu1EefWbvthvqSANl3nA/
> 
> ==[ Ben Kaduk
> From: https://mailarchive.ietf.org/arch/msg/trans/2Sc26GMFwQnTRl5DEEk_-
> 51ABFU/
> 
> Item #1
> 
> Sections 4.11 and 4.12 have arrays of NodeHash to carry consistency and
> inclusion proofs, respectively, with minimum array size of 1.  However, Sections
> 2.1.4.1 and 2.1.3.1 (respectively) seem to admit the possibility of zero-length
> proofs in degenerate cases, which the aforementioned protocol description
> language forbids the conveyance of.
> (Section 5.3 explicitly requires the use of an empty consistency proof.) Do those
> minimum array sizes need to be (implicit) zero?
> (If they do not, it seems that a minimum size of 32 would have the same effect
> as that of one, since a NodeHash has minimum size 32.)
> 
> Item #2
> 
> In Section 6:
> 
>    o  An Online Certificate Status Protocol (OCSP) [RFC6960] response
>       extension (see Section 7.1.1), where the OCSP response is provided
>       in the "CertificateStatus" message, provided that the TLS client
>       included the "status_request" extension in the (extended)
>       "ClientHello" (Section 8 of [RFC6066]).  [...]
> 
> This is not quite a TLS 1.3-compliant formulation -- TLS 1.3 does not use the
> "CertificateStatus message", but rather uses the encoding of that structure in a
> status_request extension in the CertificateEntry.
> draft-ietf-trans-rfc6962-bis

I haven't seen discussion of Ben's DISCUSS feedback

> ===
> ==[ Mirja Kühlewind
> From:
> https://mailarchive.ietf.org/arch/msg/trans/0R9dKzZ4h2bLQX4pyHqwdA4uVdo
> /
> 
> There was a presentation at maprg IETF 103 about the question if CT helps
> attackers to find new domains. I think this risk should at least be mentioned in
> the security considerations section.
> 
> [Roman] Pending review by Mirja.  Section 11.6 was added.

Issue closed.  Mirja cleared her DISCUSS ballot.  Thanks for those updates in -33/-34.

> ===
> 
> ==[ Alexey Melnikov
> From:
> https://mailarchive.ietf.org/arch/msg/trans/qiURoDHiWrP1l7X3WY9RRvYrWFg
> /
> 
> 5.  Log Client Messages
> 
>    type:  A URN reference identifying the problem.  To facilitate
>       automated response to errors, this document defines a set of
>       standard tokens for use in the "type" field, within the URN
>       namespace of: "urn:ietf:params:trans:error:".
> 
> I think you need to register this in
> <https://www.iana.org/assignments/params/params.xhtml#params-1>
> ===

Murray has picked up this DISCUSS position from Alexey:
https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/ballot/#murray-kucherawy

Regards,
Roman

> Regards,
> Roman
> 
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans

v2.23.0 | Report a Bug | By Email