IETF Logo Mail Archive

Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 13 March 2019 13:28 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C550130ECF for <trans@ietfa.amsl.com>; Wed, 13 Mar 2019 06:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZnIZupVPQehz for <trans@ietfa.amsl.com>; Wed, 13 Mar 2019 06:28:43 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0FB4130DCB for <trans@ietf.org>; Wed, 13 Mar 2019 06:28:42 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id z25so1554738ljk.8 for <trans@ietf.org>; Wed, 13 Mar 2019 06:28:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IAF2N78o1TP4f9jUr/5MKu/23sruYaVKeee5of2xXB4=; b=1Sr2e9Y4u2+uf8M/h472XxHb6NmVk3tyWBFK8SiyNQPFaae8vkAvDkcVsgunCG91j1 MrIx3XmRKVPSkp/N8vZzunkHadC7yAI+CjBg8CHA18N2gyjpjcqsrl7fIeluRhMkgtYP jBkNzv7ZxnMHpEyB/fydG3A6FmXh1aWZf9viwogMIFq0fKNof6lLorYZe29/wZENoW9e gHJdSZ6ajtyhQ7yN7KC7rbPwyfC22g7RO1FiHPJTbOnH8M5LychOG9v2veP2oIIYTpnQ 2rtvfOQXIQ6B5QH4cznJfeOffuLn0owDQIPM9x7k8U8+q0SXKK6U6cz4U8SnhmID4ePd b7HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IAF2N78o1TP4f9jUr/5MKu/23sruYaVKeee5of2xXB4=; b=HN6B0r3v46LHwdE6MDfQ5D11o9WrjZvxjEPnzIievqYzHlW338C+dafDaKQl1YZ94u s9i2f3atxJO5OGd4SAImkmvE/a+TByjmXR1wrJOn3HBej3TYdVeyz2kKi/+EqI1ez5Cc Fp6kbdE2+vioFHDHT1nz26l38LVijxHkXZKhNWhRx0NIRjOfRjVizsZnhA8xVDNR/Sr0 /bDQiO2f1kCXSGJfATlExgEt8WaqlOpRTTiiTJ+QADTtzIPZwVoWp3hpgZ102ZlKlQbI CvDo4JqNvlBB8yMhLtyBJQ2XjuTycifP/SuvADJLrRauSww8AyqKSg+mfexnkD1OANhD ts5g==
X-Gm-Message-State: APjAAAUcbHF/BBSRT4rxMrK//BUTsQ5gu/TSAIZrO4LJ6kUzK7zTJ1gK b/54keqPB+xXNmd658ejZPSqNy3v4DT+JXhXVZ5rS+/o
X-Google-Smtp-Source: APXvYqyrXHc5NLVKvtuA5e08GGNoENmMuHuyP42M63GFxofWSsX6xOoRUKAixwb2kgUNFBvq2JOufPhEvphjwzu6CZM=
X-Received: by 2002:a2e:8e86:: with SMTP id z6mr5100994ljk.28.1552483720726; Wed, 13 Mar 2019 06:28:40 -0700 (PDT)
MIME-Version: 1.0
References: <155245900142.5466.15600148045977298644.idtracker@ietfa.amsl.com>
In-Reply-To: <155245900142.5466.15600148045977298644.idtracker@ietfa.amsl.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 13 Mar 2019 06:28:04 -0700
Message-ID: <CABcZeBNMt8y7EoFr3PXR84zPgvssp5=B2x7-7sQOb4wM_94RGg@mail.gmail.com>
To: Adam Roach via Datatracker <noreply@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-trans-rfc6962-bis@ietf.org, Paul Wouters <paul@nohats.ca>, Trans <trans@ietf.org>, trans-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b19e8a0583f9c8e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/_TovnKsZNdK5h_gtDjbzIivHkdw>
Subject: Re: [Trans] Adam Roach's Discuss on draft-ietf-trans-rfc6962-bis-31: (with DISCUSS and COMMENT)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 13:28:46 -0000

On Tue, Mar 12, 2019 at 11:36 PM Adam Roach via Datatracker <
noreply@ietf.org> wrote:

> Adam Roach has entered the following ballot position for
> draft-ietf-trans-rfc6962-bis-31: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thanks to everyone who worked on updating this protocol to reflect
> experience
> gathered from the initial CT protocol. I have one blocking comment, and a
> small
> number of editorial suggestions.
>
> ---------------------------------------------------------------------------
>
> §5:
>
> >  Clients are configured with a base URL for a log and construct URLs
> >  for requests by appending suffixes to this base URL.  This structure
> >  places some degree of restriction on how log operators can deploy
> >  these services, as noted in [RFC7320].  However, operational
> >  experience with version 1 of this protocol has not indicated that
> >  these restrictions are a problem in practice.
>
> The synthesis of URLs by a protocol in this fashion is prohibited by BCP
> 190:
>
>    Scheme definitions define the presence, format, and semantics of a
>    path component in URIs; all other specifications MUST NOT constrain,
>    or define the structure or the semantics for any path component.
>
> Unless the intention of this document is to update BCP 190 to change this
> normative requirement, we can't publish it in its current form. Note that
> doing
> so would require a change of venue, as updates to BCP 190 would not be
> covered
> by the current TRANS charter.
>
> Please see BCP 190 section 3 for alternate approaches. All three approaches
> could be made to work for CT, and I would be happy to explain how to do so
> if
> clarification is desired.
>

While I agree that this is forbidden by BCP 190, this structure is
inherited from
RFC 6962, which predated 7320, so making that change seems like it's going
to be fairly disruptive. This seems like it is falling into our discussion
the other
day about what must be changed in -bis documents.

-Ekr


>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> §1.1:
>
> >  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
> >  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
> >  document are to be interpreted as described in [RFC2119].
>
> Consider using the boilerplate from RFC 8174.
>
> ---------------------------------------------------------------------------
>
> §1.3:
>
> >  This document revises and obsoletes the experimental CT 1.0 [RFC6962]
> >  protocol, drawing on insights gained from CT 1.0 deployments and on
> >  feedback from the community.
>
> Given that *this* document is also experimental, it seems a bit odd to
> call out
> RFC 6962 as experimental.
>
> ---------------------------------------------------------------------------
>
> §2.1.1:
>
> >  We have established a registry of acceptable hash algorithms (see
>
> The use of first person here is awkward. Consider: "This document
> establishes..."
>
> ---------------------------------------------------------------------------
>
> §10.2:
>
> >  | 0x01 - | Unassigned |                        | Specification      |
> >  | 0xDF   |            |                        | Required and       |
> >  |        |            |                        | Expert Review      |
>
> The policy being cited here is confusing. It is unclear whether the
> intention is
> that values can be registered under both §4.5 and §4.6 of RFC 8126. I
> suspect
> the intention here is the policy specified in RFC 8126 §4.6 only, without
> reference to the policy in §4.5. If so, please use the formal name
> "Specification Required."
>
> ---------------------------------------------------------------------------
>
> §10.4:
>
> >  | 0x0008 -    | Unassigned           | Specification Required and   |
> >  | 0xDFFF      |                      | Expert Review                |
>
> Same comment as above.
>
> ---------------------------------------------------------------------------
>
> §10.5:
>
> >  | 0x0000 -      | Unassigned | n/a | Specification Required and     |
> >  | 0xDFFF        |            |     | Expert Review                  |
>
> Same comment as above.
>
>
>

v2.23.0 | Report a Bug | By Email