Re: [Trans] [pkix] a question of cert (and OCSP) extension syntax

Warren Kumari <warren@kumari.net> Mon, 30 March 2015 16:36 UTC

In-Reply-To: <807d7643db7d451ea77a27966c7c571c@usma1ex-dag1mb2.msg.corp.akamai.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AAFB6418@uxcn10-5.UoA.auckland.ac.nz> <C961CE34-4F55-4B11-86D7-1566B701911D@seantek.com> <5512C9C7.70202@comodo.com> <55159714.1070902@openca.org> <5515EB25.2090206@openca.org> <5515EFC5.6040908@gmail.com> <5515F65D.3000301@openca.org> <807d7643db7d451ea77a27966c7c571c@usma1ex-dag1mb2.msg.corp.akamai.com>
Date: Mon, 30 Mar 2015 11:35:58 -0500
Message-ID: <CAHw9_iLR0eDU=H-_7emL_RnkmgQktLKHWoBdP245COE+q74j=Q@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/g9p4-DMMJBrD606quv3u5RLxV70>
Cc: Massimiliano Pala <director@openca.org>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] [pkix] a question of cert (and OCSP) extension syntax

On Mon, Mar 30, 2015 at 11:18 AM, Salz, Rich <rsalz@akamai.com> wrote:
>> I am sorry but I disagree. This should have been fixed a long time ago - no
>> Google private OIDs should have been put in a WG document in the first
>> place.
>
> Are you also bothered by the OIDs in CMS S/MIME and other pkcs-derived RFCs?

... and the other N RFCs:
wkumari-macbookpro1:rfc-mirror wkumari$ grep '1.3.6.1.4' * | awk '{print $1}' | sed 's/:.*//' | sort | uniq | wc -l
      99

Sure, some of those include lists of assigned numbers, but we also
have things like:
RFC2079 - Definition of an X.500 Attribute Type and an Object Class to
Hold Uniform Resource Identifiers (URIs) (umichAttributeType.57)
RFC2601 - ILMI-Based Server Discovery for ATMARP (ATM Forum Service
Registry - atmfSrvcRegATMARP)
RFC4511 - Lightweight Directory Access Protocol (LDAP): The Protocol
(using 1.3.6.1.4.1.1466.1.2.3 - The description for 1.3.6.1.1466 says:
"This is an OID assignment to the person Mark Wahl. Many of the LDAPv3
OIDs are assigned below this point.")

We have a history of doing this. World hasn't ended yet...

W

>
> At any rate, Russ has already responded on the issue of existing OIDs: leave as-is to avoid confusion and disrupting implementations.
>
>         /r$

-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
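The pipeline quoted in the thread counts files matching the unescaped pattern '1.3.6.1.4', where each '.' is a regex wildcard and nothing bounds the match. The following is an added example, not code from the thread or from any IETF project: a bounded matcher for OIDs under the IANA Private Enterprise arc (1.3.6.1.4.1.<enterprise-number>...) that answers the same "how many files" question and also reports which enterprise numbers appear. The sample texts are constructed; only 1.3.6.1.4.1.1466.1.2.3 comes from the thread, and enterprise number 99999 is made up.

```python
import re
from collections import defaultdict

# Matcher for OIDs under the IANA Private Enterprise arc 1.3.6.1.4.1.<PEN>...
# Dots are escaped and the match is bounded on both sides, so a run such as
# "11.3.6.1.4.1.5.6" or an OID that merely contains the digits is not counted;
# a sentence-ending "." after the OID is tolerated.
_PEN_OID = re.compile(r"(?<![\d.])1\.3\.6\.1\.4\.1\.(\d+)((?:\.\d+)*)(?!\.?\d)")


def find_private_enterprise_oids(text):
    """Return {enterprise_number: sorted full OIDs found under that number}."""
    found = defaultdict(set)
    for m in _PEN_OID.finditer(text):
        pen = int(m.group(1))
        found[pen].add("1.3.6.1.4.1.%d%s" % (pen, m.group(2)))
    return {pen: sorted(oids) for pen, oids in found.items()}


def count_files_with_private_oids(files):
    """Same question as the thread's grep|sort|uniq|wc pipeline: how many
    files mention at least one private-enterprise OID. `files` maps a
    filename to its text (a stand-in for a directory of mirrored RFCs)."""
    return sum(1 for text in files.values() if _PEN_OID.search(text))


def enterprise_numbers_in_corpus(files):
    """Which enterprise numbers (i.e. which organisations' arcs) appear at all."""
    pens = set()
    for text in files.values():
        pens.update(find_private_enterprise_oids(text))
    return sorted(pens)


# Constructed sample "RFC texts": 1.3.6.1.4.1.1466.1.2.3 is the OID quoted in
# the thread, 99999 is a made-up enterprise number, and the last file is a
# decoy that a wildcard grep for 1.3.6.1.4 would count.
SAMPLE_FILES = {
    "rfc4511.txt": "The extension 1.3.6.1.4.1.1466.1.2.3 is LDAPv3 (Mark Wahl).",
    "rfcXXXX.txt": "Uses 1.3.6.1.4.1.99999.1 and 1.3.6.1.4.1.99999.2.7.",
    "rfcYYYY.txt": "Joint-ISO 2.16.840.1.113730.3.4.2 and a decoy 11.3.6.1.4.1.5.6.",
}

if __name__ == "__main__":
    for name, text in SAMPLE_FILES.items():
        print(name, find_private_enterprise_oids(text))
    print("files with private OIDs:", count_files_with_private_oids(SAMPLE_FILES))
    print("enterprise numbers seen:", enterprise_numbers_in_corpus(SAMPLE_FILES))
```

On the constructed corpus the decoy file is excluded, so two of the three files count and the enterprise numbers seen are 1466 and 99999.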