Skip to main content

Related Certificates for Use in Multiple Authentications within a Protocol
draft-ietf-lamps-cert-binding-for-multi-auth-05

Discuss


Yes

Roman Danyliw

No Objection

Erik Kline
Francesca Palombini
Gunter Van de Velde
Jim Guichard
John Scudder
Murray Kucherawy

No Record

Deb Cooley

Summary: Has a DISCUSS. Has enough positions to pass once DISCUSS positions are resolved.

Paul Wouters
Discuss
Discuss (2024-05-28) Sent
This is a minor item, but when looking at:

IssuerAndSerialNumber ::= SEQUENCE {
        issuer       Name,
        serialNumber CertificateSerialNumber }

This does not uniquely identify a CA. When embedding an entire CA chain as proof, I can just make up my own matching LetsEncrypt named CA and EE cert with the same serial as my victim, and see if I can get a Cert B without actually having the private key of the real Cert A.

Perhaps something can be said in the Security Considerations that when trusting a CA, its public key should also be checked along its name to match the expected pubkey of the CA that CA B is about to trust.

Additionally, perhaps a note should be made in the Security Considerations section that this method can only be trusted before known PQ attacks are available. If Cert A (and thus CA A) uses quantum breakable algorithms, this scheme no longer guarantees that Cert B is requested by the owner of Cert A and not some lucky owner of a shiny new expensive quantum computer.
Roman Danyliw
Yes
Erik Kline
No Objection
Francesca Palombini
No Objection
Gunter Van de Velde
No Objection
Jim Guichard
No Objection
John Scudder
No Objection
Mahesh Jethanandani
No Objection
Comment (2024-05-21) Not sent
This document uses the RFC2119 keywords "SHOULD NOT", "MUST", "MAY", and
"SHOULD", but does not contain the recommended RFC8174 boilerplate. (It
contains a variant of the RFC2119 boilerplate.)

Found terminology that should be reviewed for inclusivity; see
https://www.rfc-editor.org/part2/#inclusive_language for background and more
guidance:

 * Term "traditional"; alternatives might be "classic", "classical", "common",
   "conventional", "customary", "fixed", "habitual", "historic",
   "long-established", "popular", "prescribed", "regular", "rooted",
   "time-honored", "universal", "widely used", "widespread"
 * Term "native"; alternatives might be "built-in", "fundamental", "ingrained",
   "intrinsic", "original"

-------------------------------------------------------------------------------
NIT
-------------------------------------------------------------------------------

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 1, paragraph 2
> ontaining the extension is able to be used in combination with the other spec
>                                    ^^^^^^^
Avoid the passive voice after "to be able to".

Section 2, paragraph 1
> at the end-entity owns and wants identified in the new certificate requested
>                                  ^^^^^^^^^^
The double modal "wants identified" is nonstandard (only accepted in certain
dialects). Consider "to be identified".

Section 4, paragraph 1
> d certificate } The extension is comprised of an octet string, which is the
>                               ^^^^^^^^^^^^^^^
Did you mean "comprises" or "consists of" or "is composed of"?

Section 5, paragraph 5
> reements on certificate policy with regards to certificate application, issua
>                                ^^^^^^^^^^^^^^^
Use "in regard to", "with regard to", or more simply "regarding".
Murray Kucherawy
No Objection
Orie Steele
No Objection
Comment (2024-05-27) Sent
# Orie Steele, ART AD, comments for draft-ietf-lamps-cert-binding-for-multi-auth-05 
CC @OR13

https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-lamps-cert-binding-for-multi-auth-05.txt&submitcheck=True

Thanks to Robert Sparks for the ARTART review.

## Comments

### Confusing ED Note

I agree with Robert's comment:

```
I also found the "ED Note" calling out (I assume) the discussion of _not using_
SCVPCertID instead of this extension, but quoting the structure anyway, pretty
confusing. Please consider if it will stimulate implementor error.
```

### non-composite hybrid authentication

```
19	   same end entity.  This mechanism is particularly useful in the
20	   context of non-composite hybrid authentication, which enables users
21	   to employ the same certificates in hybrid authentication as in
22	   authentication done with only traditional or post-quantum algorithms.
```

This document appears to define the term / concept of "non-composite hybrid authentication".

Later in security considerations, the general concept of hybrid is discussed.

Consider a reference to https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology/.

I found the term "non-composite hybrid" clear, however other readers might not.

### Media types for URLs?

```
202	   *  - If the request for (new) Cert B is to the same CA organization
203	      as issued (existing) Cert A, then the UniformResourceIdentifier
204	      value SHOULD be a URL that points to a file containing a
205	      certificate or certificate chain that the requesting entity owns,
206	      as detailed in [RFC5280]; the URL is made available via HTTP or
207	      HTTPS.  The file must permit access to a CMS 'certs-only' message
208	      containing the end entity X.509 certificate, or the entire
209	      certificate chain.  In this case, preference for a URL keeps the
210	      data limit smaller than using a dataURI.  All certificates
211	      contained must be DER encoded.
```

Are there specific media types, which MUST / SHOULD be supported?

Is there a benefit to specifying Accept / Content-Type headers here?

## Nits

### extant -> still existing

```
100	   - one in an extant certificate, and one in a current request) belong
101	   to the same entity.  To facilitate this, a CSR attribute is defined,
```

Might improve readability for folks who's first language is not english.

It's also possible more clarity regarding validity would help here... "currently valid, non revoked" ?

### PQC

```
111	   traditional cryptography to PQC.
```

Expand on first use. 

You might also consider relating PQC to Quantum Resistant (QR).

### dataURI reference location

```
199	   HTTPS, or a dataURI.  This field can contain one of two acceptable
200	   values:
```

Consider adding the reference to RFC2397 here, instead of a few sentences later.


### to be to the

```
466	   authentication have to be to the satisfaction of the verifier.  A
```

Have to satisfy the verifier?

### promiscuous online protocols

```
471	   implicit.  In an online protocol like IPsec where the peers are
472	   generally known, any mechanism selected from a pre-established set
473	   may be sufficient.  For more promiscuous online protocols, like TLS,
474	   the ability for the verifier to express what is possible and what is
475	   preferred – and to assess that it got what it needed – is important.
```

Is there a better word? 
I dared to search and the results varied in ways that lead me to believe there might be a better term here.
Warren Kumari
No Objection
Comment (2024-05-29) Not sent
Thank you for this document -- it is quite far outside my skillset, and so I have nothing to add....
Zaheduzzaman Sarker
No Objection
Comment (2024-05-29) Not sent
Thanks for working on this specification. I have no issues here from transport protocol point of view.
Éric Vyncke
No Objection
Comment (2024-05-27) Sent
Thanks for the work done in this document.

Below some non-blocking comments.

# Abstract

Please expand `CSR` at first use.

# Other non-expanded acronyms

E.g., PQP, PQ

# Wrong BCP 14 template

As noted by Mahesh.

# Section 3.1

Should this be a normative MUST in `All certificates contained must be DER encoded` ?

# X.509 or X.509v3

I noticed a single use of X.509v3 while other places are X.509. Is it on purpose ? If so, then some explanations will be welcome.
Deb Cooley
(was Abstain) No Record