Re: [Trans] picking up draft-ietf-trans-rfc6962-bis

"Salz, Rich" <rsalz@akamai.com> Thu, 22 April 2021 14:24 UTC

> I don't think there is a better list of COMMENTs than those directly in the IESG ballots:
> https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/ballot/

I am very sure that all of the open DISCUSS and COMMENT ballots have been addressed, except for three items that Ben raised that need clarification from him or the WG. That is message https://mailarchive.ietf.org/arch/msg/trans/yFJRli55wJ68EcQy5H97b97t8yY/ posted to the list a week ago.

I think it is reasonable to ask the members of the IESG to take a look at the current document and confirm that their items have been addressed. Or, if Ben will respond to the email relatively soon, then it might make sense to wait for that.

As a convenience, here is a list of what changed since the last review:

Address most of Ben's comments (#327)
    * Remove timestamp redundancy
    * Add CABBR ref for use in public definition
    * Log-trust mechanisms are being developed
    * Avoid using needless `n` term
    * Clarify processing rules (no looping)
    * Define leaf_index in "verifying an inclusion proof"
    * Use "D_m" instead of "D[m]"
    * Clarify OID comparison in 3.2
    * Clarify maximum chain length semantics
    * Clarify format of Final STH
    * Clarify full DER encoding of OID
    * Use 2119 language around log OID length
    * Clarify sct_extensions
    * Signature cannot be zero-length
    * Add some back references/pointers
    * then->"so that" clarification
    * Clarify chain as array of JSON strings
    * Clarify "chosen certificate" is the hashed value
    * Clarify JSON "representing" -> "equivalent to"
    * Add note about TLS to get-anchors message
    * Add "of course" words on TLS extensions
    * We don't discuss client use/discovery of logs
    * Remove redundant "to the server" in handshake
    * Allow omitting or sending empty array
    * Update text about LogID OIDs
    * Make RFC 6223,6979 normative
    * Remove two questions; handled in PR 329
    * Respond to Rob's feedback
    * Clarify need for signer's key
    * Remove work file

Alexey comments (#325)
    * Define LSB
    * Add DER reference
    * Add TLS 1.2 reference
    * No limit on MMD value
    * Clarify which Base64 encoding
    * Add URL reference
    * Reword "prevent CA from avoiding blame"
    * Clarify why extra fields SHOULD be ignored
    * Revise "client evaluate compliance"
    * Say why monitor polling frequency isn't specified.
    * Rob's feedback on the PR.

Address Alexey DISCUSS items (#318)
    * Add trans:errors to URN sub-namespace
    * Also ask IANA to create the trans:error registry.
    * Fix typo; add missing errors

Address Mirja (and other misc) comments:
    * Explain lack of OID registry
    * Add pointers to Merkle docs
    * Remove references to gossip I-D
    * Clarify lack of specifics on HTTP status codes
    * Edit wording on shutting down a log
    * Reference IANA registry names
    * Clarify server status options
    * Update server status-sending options
    * Remove 'for off-line use' per @agwa
    * Fix some typos
    * Explain why server-side isn't covered
    * Add clarifying notes to SignatureScheme registry
    * Clarification on timeouts and limits
    * Clarify ignoring SCT extensions
    * Remove refs to draft-ietf-trans-threat-analysis (#328)
    * Proof paths can be zero-length (#326)
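Several of the items above (defining leaf_index in "verifying an inclusion proof", the no-looping processing rules, zero-length proof paths) concern the inclusion-proof check; the following is an added example, not code from this message or from the draft, implementing RFC 6962 Merkle tree hashing and the bis verification steps over five constructed entries that are assumed to be already-serialized leaf inputs.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(entry: bytes) -> bytes:
    # 0x00 prefix domain-separates leaves from interior nodes (RFC 6962 MTH)
    return _h(b"\x00" + entry)

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix for interior nodes
    return _h(b"\x01" + left + right)

def _split(n: int) -> int:
    # largest power of two strictly smaller than n (n >= 2)
    return 1 << (n.bit_length() - 1) if n & (n - 1) else n // 2

def tree_head(entries):
    # MTH(D_n): empty tree, single leaf, or split at the largest power of two < n
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def inclusion_path(m, entries):
    # PATH(m, D_n) from RFC 6962; a one-entry tree yields a zero-length path
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_path(m, entries[:k]) + [tree_head(entries[k:])]
    return inclusion_path(m - k, entries[k:]) + [tree_head(entries[:k])]

def verify_inclusion(leaf, leaf_index, tree_size, path, root):
    # Bit-shifting verifier from 6962-bis: fn walks the leaf index, sn the last index
    if leaf_index >= tree_size:
        return False
    fn, sn, r = leaf_index, tree_size - 1, leaf
    for p in path:
        if sn == 0:
            return False          # path longer than the tree's depth
        if fn & 1 or fn == sn:    # p is a left sibling
            r = node_hash(p, r)
            while fn != 0 and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:                     # p is a right sibling
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root  # a too-short path leaves sn non-zero
```

The check rejects truncated, over-long, and mismatched paths, and accepts the empty path for a tree of size 1.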