Online Certificate Status Protocol (OCSP) Nonce Extension
draft-ietf-lamps-ocsp-nonce-update-11

Document history

Date Rev. By Action
2024-08-26
(System)
Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-lamps-ocsp-nonce-update and RFC 9654, changed IESG state to RFC Published)
2024-08-26
11 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2024-08-16
11 (System) RFC Editor state changed to AUTH48
2024-06-04
11 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2024-06-04
11 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2024-06-04
11 (System) IANA Action state changed to In Progress from Waiting on Authors
2024-06-03
11 (System) IANA Action state changed to Waiting on Authors
2024-05-24
11 (System) RFC Editor state changed to EDIT
2024-05-24
11 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2024-05-24
11 (System) Announcement was received by RFC Editor
2024-05-23
11 Liz Flynn IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2024-05-23
11 Liz Flynn IESG has approved the document
2024-05-23
11 Liz Flynn Closed "Approve" ballot
2024-05-23
11 Liz Flynn Ballot approval text was generated
2024-05-23
11 Liz Flynn Ballot writeup was changed
2024-05-23
11 (System) Removed all action holders (IESG state changed)
2024-05-23
11 Roman Danyliw IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2024-05-22
11 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-11.txt
2024-05-22
11 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-05-22
11 himanshu sharma Uploaded new revision
2024-05-22
10 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-10.txt
2024-05-22
10 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-05-22
10 himanshu sharma Uploaded new revision
2024-05-22
09 Paul Wouters
[Ballot comment]
Thanks for addressing my DISCUSS points. Note that my below comment is still relevant. You may conclude no changes are needed, but I think it would be nice to be addressed.


Maybe bring the reason for the nonce out from Section 3 to the Introduction,
as I wondered why one would care about replays of signed messages. It is not
really a security consideration but part of the design.
2024-05-22
09 Paul Wouters [Ballot Position Update] Position for Paul Wouters has been changed to Yes from Discuss
2024-05-17
09 Deb Cooley [Ballot comment]
The authors have resolved all of my comments.  TYVM.
2024-05-17
09 Deb Cooley [Ballot Position Update] Position for Deb Cooley has been changed to Yes from Discuss
2024-05-17
09 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-05-17
09 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-09.txt
2024-05-17
09 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-05-17
09 himanshu sharma Uploaded new revision
2024-05-16
08 Jenny Bui IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation
2024-05-15
08 Deb Cooley
[Ballot discuss]
Section 2.1, paragraph 2:  The MUST in this paragraph might create interoperability issues by setting the minimum nonce size for this draft to be the maximum nonce size for [RFC8954].  This is unfortunate.  Is that necessary? There is nothing in the Security Considerations that discusses how long a nonce should be to be secure.  [RFC8954] used a 1 byte nonce as the example of a nonce that is 'too small'.

Section 2.1, paragraph 3:  There appears to be some guidance attempted where the authors are recommending nonces of length 16-32. Is there rationale for this guidance?  Again, there is nothing in Security Considerations that addresses what a secure nonce size might be.

My recommendation is to simplify these two paragraphs to be clearer on the actual requirements (i.e. reject nonces that are 0 or larger than 128 bytes).  And then to make simple and clear recommendations for nonce size ranges.
2024-05-15
08 Deb Cooley [Ballot Position Update] New position, Discuss, has been recorded for Deb Cooley
2024-05-15
08 Sabrina Tanamal IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2024-05-15
08 Murray Kucherawy [Ballot comment]
Thanks to Jim Fenton for his ARTART reviews (plural!).
2024-05-15
08 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2024-05-15
08 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2024-05-14
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-05-14
08 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-08.txt
2024-05-14
08 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-05-14
08 himanshu sharma Uploaded new revision
2024-05-14
07 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2024-05-13
07 Joseph Salowey Request for Telechat review by SECDIR Completed: Ready. Reviewer: Joseph Salowey. Sent review to list. Submission of review completed at an earlier date.
2024-05-13
07 Joseph Salowey Request for Telechat review by SECDIR Completed: Ready. Reviewer: Joseph Salowey.
2024-05-13
07 Mahesh Jethanandani
[Ballot comment]
Thanks to Susan Harris for her OPSDIR review. Although most of her comments were characterized as NITs, I feel they should be addressed. Specifically, and I know that more RFCs were cited to explain OIDs in ASN.1, the correlation between the octet string and the values in the object identifier was still not clear (to me).

Section 2.1, paragraph 3
>    An OCSP responder that implements this document MUST reject any OCSP
>    request that has a Nonce with a length of either 0 octets or more
>    than 128 octets, with the malformedRequest OCSPResponseStatus as
>    described in Section 4.2.1 of [RFC6960].  Responders, supporting the
>    Nonce extension, MUST accept Nonce lengths of at least 16 octets and
>    MAY choose to ignore the Nonce extension for requests where the
>    length of the Nonce is less than 16 octets or more than 32 octets.

I also support Paul's DISCUSS.

No reference entries found for these items, which were mentioned in the text:
[1], [2], and [0]. Note, xml2rfc interprets anything within a square bracket
to be a reference that needs to be cited in the normative/informative list.
2024-05-13
07 Mahesh Jethanandani [Ballot Position Update] New position, No Objection, has been recorded for Mahesh Jethanandani
2024-05-13
07 Paul Wouters
[Ballot discuss]
Just a small bug to fix:

        An OCSP responder that implements this document MUST reject any
        OCSP request that has a Nonce with a length of either 0 octets or
        more than 128 octets, with the malformedRequest OCSPResponseStatus
        as described in Section 4.2.1 of [RFC6960]. Responders, supporting
        the Nonce extension, MUST accept Nonce lengths of at least 16
        octets and MAY choose to ignore the Nonce extension for requests
        where the length of the Nonce is less than 16 octets or more
        than 32 octets.

So a 0 length MUST reject, but a < 16 length MAY ignore?

So for 0, these two requirements contradict each other.

Maybe say for a length 1-15 MAY ignore?

I'm also confused about what "ignore" means. If it means "don't reply with the nonce",
then shouldn't the client reject the message, as it asked for a nonce? Or is it
assumed that asking for a 1-15 size nonce may result in no answer? Seems like a weird
thing for a client to use then. Maybe "SHOULD NOT ask for 1-15 sized nonce"?
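The responder-side rules quoted in this DISCUSS (reject 0 or more than 128 octets as malformedRequest, accept 16 to 32 octets, MAY ignore lengths outside that range) can be expressed as a small simulation of the exchange. The following is an added example written for this page; it is not code from the draft, the datatracker, or any OCSP implementation. It assumes the client-side minimum of 32 octets quoted elsewhere on this page, encodes the nonce as a DER OCTET STRING as RFC 8954 defines it, and models the responder's "MAY ignore" choice with a flag; the function names are this example's own. The example resolves the 0-length overlap Paul raises by applying the MUST-reject rule before the MAY-ignore rule, which is a choice of this example, not something the quoted text settles.

```python
"""Added example: simulate the OCSP nonce exchange and apply the responder
length rules quoted in the ballot discussion (draft -07 text). Not the draft's
own code; the constants reflect the text quoted on the page."""
import os

MIN_CLIENT_NONCE = 32            # client MUST use at least 32 octets (quoted text)
MAX_NONCE = 128                  # responder MUST reject more than 128 octets
ACCEPT_MIN, ACCEPT_MAX = 16, 32  # MUST accept 16..32; MAY ignore outside that


def der_octet_string(payload: bytes) -> bytes:
    """DER-encode bytes as an ASN.1 OCTET STRING (tag 0x04, definite length)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return b"\x04" + length + payload


def parse_der_octet_string(data: bytes) -> bytes:
    """Strict inverse of der_octet_string; raises ValueError on malformed input."""
    if len(data) < 2 or data[0] != 0x04:
        raise ValueError("not an OCTET STRING")
    first = data[1]
    if first < 0x80:
        n, start = first, 2
    else:
        k = first & 0x7F
        if k == 0 or k > 4 or len(data) < 2 + k:
            raise ValueError("bad length encoding")
        n = int.from_bytes(data[2:2 + k], "big")
        start = 2 + k
        if n < 0x80 or (k > 1 and data[2] == 0):
            raise ValueError("non-minimal length")  # DER requires shortest form
    if len(data) != start + n:
        raise ValueError("length mismatch")
    return data[start:start + n]


def classify_nonce_length(n: int) -> str:
    """Responder decision for a request nonce of n octets, per the quoted text.
    The MUST-reject rule is checked first, so a 0-octet nonce is 'reject',
    never 'may_ignore' (this example's resolution of the overlap)."""
    if n == 0 or n > MAX_NONCE:
        return "reject"          # malformedRequest
    if ACCEPT_MIN <= n <= ACCEPT_MAX:
        return "accept"          # MUST accept and echo
    return "may_ignore"          # 1..15 or 33..128: responder MAY ignore


def client_make_request(nonce_len: int = MIN_CLIENT_NONCE) -> tuple:
    """Client side: draw a fresh random nonce and DER-encode it for the extension."""
    if nonce_len < MIN_CLIENT_NONCE:
        raise ValueError("client MUST use at least 32 octets")
    nonce = os.urandom(nonce_len)
    return nonce, der_octet_string(nonce)


def responder_handle(ext_value: bytes, echo_when_may_ignore: bool = True) -> dict:
    """Responder side: decode, apply the length rules, decide what to echo.
    echo_when_may_ignore models the responder's MAY choice (assumption)."""
    try:
        nonce = parse_der_octet_string(ext_value)
    except ValueError:
        return {"status": "malformedRequest", "nonce_ext": None}
    decision = classify_nonce_length(len(nonce))
    if decision == "reject":
        return {"status": "malformedRequest", "nonce_ext": None}
    if decision == "accept" or echo_when_may_ignore:
        return {"status": "successful", "nonce_ext": der_octet_string(nonce)}
    return {"status": "successful", "nonce_ext": None}  # extension ignored


def client_check_response(sent_nonce: bytes, response: dict) -> bool:
    """Client side: the response is bound to the request only if it echoes
    exactly the nonce that was sent; a missing or different nonce fails."""
    if response["status"] != "successful" or response["nonce_ext"] is None:
        return False
    try:
        return parse_der_octet_string(response["nonce_ext"]) == sent_nonce
    except ValueError:
        return False


if __name__ == "__main__":
    nonce, ext = client_make_request()
    print(client_check_response(nonce, responder_handle(ext)))
```

Running the two sides together shows the point of Paul's second question: when the responder exercises the MAY and omits the nonce, `client_check_response` fails, so a client that asked for a short nonce cannot distinguish that from a replayed response.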
2024-05-13
07 Paul Wouters
[Ballot comment]
Maybe bring the reason for the nonce out from Section 3 to the Introduction,
as I wondered why one would care about replays of signed messages. It is not
really a security consideration but part of the design.
2024-05-13
07 Paul Wouters [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters
2024-05-10
07 Erik Kline
[Ballot comment]
# Internet AD comments for draft-ietf-lamps-ocsp-nonce-update-07
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Comments

### S2.1

* I'm sure I must be confused, but I don't understand why this document says
  that OCSP responders supporting the Nonce extension MAY choose to ignore
  requests with lengths of the Nonce extension greater than 32 octets.

  It seems like the document is saying "clients: you can send up to 128;
  responders: drop things larger than 32 if you want".

  But I'm sure I must be misunderstanding something.
2024-05-10
07 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-05-10
07 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2024-05-09
07 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-05-08
07 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2024-05-06
07 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-07.txt
2024-05-06
07 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-05-06
07 himanshu sharma Uploaded new revision
2024-05-06
06 Éric Vyncke
[Ballot comment]
Thanks for the work done in this document.

About `An OCSP client that implements this document MUST use a minimum length of 32 octets for Nonce octets in the Nonce extension.`

1) should this MUST also appear somehow in the abstract?

2) why not use `Nonce ::= OCTET STRING(SIZE(32..128))`, to be consistent with the above MUST?
2024-05-06
06 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2024-05-03
06 Jim Fenton Request for Telechat review by ARTART Completed: Ready with Nits. Reviewer: Jim Fenton. Sent review to list.
2024-04-25
06 Barry Leiba Request for Telechat review by ARTART is assigned to Jim Fenton
2024-04-25
06 Tero Kivinen Request for Telechat review by SECDIR is assigned to Joseph Salowey
2024-04-24
06 Roman Danyliw Placed on agenda for telechat - 2024-05-16
2024-04-24
06 Roman Danyliw Ballot has been issued
2024-04-24
06 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2024-04-24
06 Roman Danyliw Created "Approve" ballot
2024-04-24
06 Roman Danyliw IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2024-04-24
06 Roman Danyliw Ballot writeup was changed
2024-04-11
06 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-04-11
06 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-04-11
06 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-06.txt
2024-04-11
06 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-04-11
06 himanshu sharma Uploaded new revision
2024-04-09
05 Susan Hares Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Susan Hares. Sent review to list.
2024-04-04
05 Roman Danyliw Please review the IETF LC SECDIR feedback
2024-04-04
05 (System) Changed action holders to himanshu sharma (IESG state changed)
2024-04-04
05 Roman Danyliw IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2024-04-03
05 Ines Robles Request for Last Call review by GENART Completed: Ready. Reviewer: Ines Robles. Sent review to list. Submission of review completed at an earlier date.
2024-04-03
05 Ines Robles Request for Last Call review by GENART Completed: Ready. Reviewer: Ines Robles.
2024-04-03
05 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-04-02
05 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-04-02
05 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-05.txt
2024-04-02
05 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-04-02
05 himanshu sharma Uploaded new revision
2024-04-01
04 Jim Fenton Request for Last Call review by ARTART Completed: Almost Ready. Reviewer: Jim Fenton. Sent review to list.
2024-04-01
04 Russ Housley
Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for Standards Track.
 
  This new RFC will update RFC 6960, which is a Proposed Standard.
 

(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

    This document updates RFC 6960 to specify a maximum size for a nonce
    in the Online Certificate Status Protocol (OCSP).  The nonce is used
    in the OCSP request and response messages to detect replay attacks.

  Working Group Summary:

    There is consensus for this document in the LAMPS WG.

  Document Quality:

    OCSP has wide support.  Several people have expressed support of
    the size limit on the nonce that is specified in this document.
 
  Personnel:

    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  A few concerns were raised, and they were explained or
  resolved.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  Several people that were involved in the PKIX WG were part of the
  review that took place during LAMPS WG Last Call.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

  The author explicitly stated that he is unaware of any additional
  IP that was introduced in the updates to the document.

  The author explicitly stated that he does not hold any IPR related
  to the document.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted directly on this document,
  the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce),
  or RFC 6960.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits reports:
  -- The draft header indicates that this document updates RFC6960, but the
    abstract doesn't seem to directly say this.  It does mention RFC6960
    though, so this could be OK.
  The Abstract includes "This document updates the RFC 6960".
  This warning seems to be the result of "the" or a missing period.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  This new RFC will update RFC 6090, which is clearly stated on the
  title page and the Abstract.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  This document requires the assignment of two module identifiers for
  the revised ASN.1 modules.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The ASN.1 module in RFC 6960, once updated with the changes in
  this document, properly compiles.  (Thanks to Jim Schaad for
  doing that for the LAMPS WG.)
2024-03-31
04 Joseph Salowey Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Joseph Salowey. Sent review to list.
2024-03-30
04 Tero Kivinen Request for Last Call review by SECDIR is assigned to Joseph Salowey
2024-03-29
04 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2024-03-29
04 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-lamps-ocsp-nonce-update-04. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which we must complete.

In the SMI Security for PKIX Module Identifier registry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at:

https://www.iana.org/assignments/smi-numbers/

two new registrations will be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-mod-ocsp-2024-88
Reference: [ RFC-to-be ]

Decimal: [ TBD-at-Registration ]
Description: id-mod-ocsp-2024-08
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated and completed the required Expert Review via a separate request.

We understand that this is the only action required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-03-22
04 Jean Mahoney Request for Last Call review by GENART is assigned to Ines Robles
2024-03-22
04 Barry Leiba Request for Last Call review by ARTART is assigned to Jim Fenton
2024-03-21
04 David Dong IANA Experts State changed to Expert Reviews OK from Reviews assigned
2024-03-21
04 Carlos Pignataro Request for Last Call review by OPSDIR is assigned to Susan Hares
2024-03-20
04 David Dong IANA Experts State changed to Reviews assigned
2024-03-20
04 Cindy Morgan IANA Review state changed to IANA - Review Needed
2024-03-20
04 Cindy Morgan
The following Last Call announcement was sent out (ends 2024-04-03):

From: The IESG
To: IETF-Announce
CC: draft-ietf-lamps-ocsp-nonce-update@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Online Certificate Status Protocol (OCSP) Nonce Extension) to Proposed Standard


The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'Online
Certificate Status Protocol (OCSP) Nonce Extension'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-04-03. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  RFC 8954 imposed the size constraints on the optional Nonce extension
  for the Online Certificate Status Protocol (OCSP).  OCSP is used for
  checking the status of a certificate, and the Nonce extension is used
  to cryptographically bind an OCSP response message to a particular
  OCSP request message.

  Some environments use cryptographic algorithms that generate a Nonce
  value that is longer than 32 octets.  This document updates the
  maximum allowed length of Nonce to 128 octets.  This document also
  modifies Nonce section to clearly define the encoding format and
  values distinctively for an easier implementation and understanding.
  This document is a complete replacement for RFC 8954, obsoleting RFC
  8954, and provides updated ASN.1 modules for OCSP, updating RFC 6960.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/



No IPR declarations have been submitted directly on this I-D.




2024-03-20
04 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2024-03-20
04 Roman Danyliw Last call was requested
2024-03-20
04 Roman Danyliw Last call announcement was generated
2024-03-20
04 Roman Danyliw Ballot approval text was generated
2024-03-20
04 Roman Danyliw Ballot writeup was generated
2024-03-20
04 Roman Danyliw IESG state changed to Last Call Requested from Publication Requested
2024-03-19
04 Russ Housley
Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for Standards Track.
 
  This new RFC will update RFC 6960, which is a Proposed Standard.
 

(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

    This document updates RFC 6960 to specify a maximum size for a nonce
    in the Online Certificate Status Protocol (OCSP).  The nonce is used
    in the OCSP request and response messages to detect replay attacks.

  Working Group Summary:

    There is consensus for this document in the LAMPS WG.

  Document Quality:

    OCSP has wide support.  Several people have expressed support of
    the size limit on the nonce that is specified in this document.
 
  Personnel:

    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  A few concerns were raised, and they were explained or
  resolved.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  Several people that were involved in the PKIX WG were part of the
  review that took place during LAMPS WG Last Call.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

  The author explicitly stated that he is unaware of any additional
  IP that was introduced in the updates to the document.

  The author explicitly stated that he does not hold any IPR related
  to the document.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted directly on this document,
  the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce),
  or RFC 6960.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits reports:
  -- The draft header indicates that this document updates RFC6960, but the
    abstract doesn't seem to directly say this.  It does mention RFC6960
    though, so this could be OK.
  The Abstract includes "This document updates the RFC 6960".
  This warning seems to be the result of "the" or a missing period.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  This new RFC will update RFC 6090, which is clearly stated on the
  title page and the Abstract.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  This document does not call for any IANA actions.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The ASN.1 module in RFC 6960, once updated with the changes in
  this document, properly compiles.  (Thanks to Jim Schaad for
  doing that for the LAMPS WG.)
2024-03-19
04 Russ Housley IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2024-03-19
04 Russ Housley IESG state changed to Publication Requested from I-D Exists
2024-03-19
04 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-03-19
04 Russ Housley Responsible AD changed to Roman Danyliw
2024-03-19
04 Russ Housley Document is now in IESG state Publication Requested
2024-03-19
04 Russ Housley IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2024-03-19
04 Russ Housley
Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for Standards Track.
 
  This new RFC will update RFC 6960, which is a Proposed Standard.
 

(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

    This document updates RFC 6960 to specify a maximum size for a nonce
    in the Online Certificate Status Protocol (OCSP).  The nonce is used
    in the OCSP request and response messages to detect replay attacks.

  Working Group Summary:

    There is consensus for this document in the LAMPS WG.

  Document Quality:

    OCSP has wide support.  Several people have expressed support of
    the size limit on the nonce that is specified in this document.
 
  Personnel:

    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  A few concerns were raised, and they were explained or
  resolved.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  Several people that were involved in the PKIX WG were part of the
  review that took place during LAMPS WG Last Call.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

  The author explicitly stated that he is unaware of any additional
  IP that was introduced in the updates to the document.

  The author explicitly stated that he does not hold any IPR related
  to the document.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures have been submitted directly on this document,
  the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce),
  or RFC 6960.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  IDnits reports:
  -- The draft header indicates that this document updates RFC6960, but the
    abstract doesn't seem to directly say this.  It does mention RFC6960
    though, so this could be OK.
  The Abstract includes "This document updates the RFC 6960".
  This warning seems to be the result of "the" or a missing period.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  This new RFC will update RFC 6090, which is clearly stated on the
  title page and the Abstract.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  This document does not call for any IANA actions.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The ASN.1 module in RFC 6960, once updated with the changes in
  this document, properly compiles.  (Thanks to Jim Schaad for
  doing that for the LAMPS WG.)
2024-03-16
04 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-04.txt
2024-03-16
04 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-03-16
04 himanshu sharma Uploaded new revision
2024-03-06
03 Russ Housley Notification list changed to housley@vigilsec.com because the document shepherd was set
2024-03-06
03 Russ Housley Document shepherd changed to Russ Housley
2024-03-06
03 Russ Housley Intended Status changed to Proposed Standard from None
2024-03-06
03 Russ Housley Changed consensus to Yes from Unknown
2024-03-06
03 Russ Housley IETF WG state changed to In WG Last Call from WG Document
2024-02-29
03 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-03.txt
2024-02-29
03 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-02-29
03 himanshu sharma Uploaded new revision
2024-02-28
02 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-02.txt
2024-02-28
02 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-02-28
02 himanshu sharma Uploaded new revision
2024-02-24
01 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-01.txt
2024-02-24
01 himanshu sharma New version accepted (logged-in submitter: himanshu sharma)
2024-02-24
01 himanshu sharma Uploaded new revision
2024-02-20
00 Russ Housley This document now replaces draft-hsharma-lamps-ocsp-nonce-update instead of None
2024-02-20
00 himanshu sharma New version available: draft-ietf-lamps-ocsp-nonce-update-00.txt
2024-02-20
00 Russ Housley WG -00 approved
2024-02-20
00 himanshu sharma Set submitter to "Himanshu Sharma ", replaces to draft-hsharma-lamps-ocsp-nonce-update and sent approval email to group chairs: lamps-chairs@ietf.org
2024-02-20
00 himanshu sharma Uploaded new revision