Online Certificate Status Protocol (OCSP) Nonce Extension
draft-ietf-lamps-ocsp-nonce-update-11
Document history
Date | Rev. | By | Action |
---|---|---|---|
2024-08-26
|
(System) | Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-lamps-ocsp-nonce-update and RFC 9654, changed IESG state to RFC Published) |
|
2024-08-26
|
11 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2024-08-16
|
11 | (System) | RFC Editor state changed to AUTH48 |
2024-06-04
|
11 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2024-06-04
|
11 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2024-06-04
|
11 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2024-06-03
|
11 | (System) | IANA Action state changed to Waiting on Authors |
2024-05-24
|
11 | (System) | RFC Editor state changed to EDIT |
2024-05-24
|
11 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2024-05-24
|
11 | (System) | Announcement was received by RFC Editor |
2024-05-23
|
11 | Liz Flynn | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2024-05-23
|
11 | Liz Flynn | IESG has approved the document |
2024-05-23
|
11 | Liz Flynn | Closed "Approve" ballot |
2024-05-23
|
11 | Liz Flynn | Ballot approval text was generated |
2024-05-23
|
11 | Liz Flynn | Ballot writeup was changed |
2024-05-23
|
11 | (System) | Removed all action holders (IESG state changed) |
2024-05-23
|
11 | Roman Danyliw | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2024-05-22
|
11 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-11.txt |
2024-05-22
|
11 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-05-22
|
11 | himanshu sharma | Uploaded new revision |
2024-05-22
|
10 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-10.txt |
2024-05-22
|
10 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-05-22
|
10 | himanshu sharma | Uploaded new revision |
2024-05-22
|
09 | Paul Wouters | [Ballot comment] Thanks for addressing my DISCUSS points. Note that my below comment is still relevant. You may conclude no changes are needed, but I think it would be nice to be addressed. Maybe bring the reason for the nonce out from Section 3 to the Introduction, as I wondered why one would care about replays of signed messages. It is not really a security consideration but part of the design. |
2024-05-22
|
09 | Paul Wouters | [Ballot Position Update] Position for Paul Wouters has been changed to Yes from Discuss |
2024-05-17
|
09 | Deb Cooley | [Ballot comment] The authors have resolved all of my comments. TYVM. |
2024-05-17
|
09 | Deb Cooley | [Ballot Position Update] Position for Deb Cooley has been changed to Yes from Discuss |
2024-05-17
|
09 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2024-05-17
|
09 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-09.txt |
2024-05-17
|
09 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-05-17
|
09 | himanshu sharma | Uploaded new revision |
2024-05-16
|
08 | Jenny Bui | IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation |
2024-05-15
|
08 | Deb Cooley | [Ballot discuss] Section 2.1, paragraph 2: The MUST in this paragraph might create interoperability issues by setting the minimum nonce size for this draft to be the maximum nonce size for [RFC8954]. This is unfortunate. Is that necessary? There is nothing in the Security Considerations that discusses how long a nonce should be to be secure. [RFC8954] used a 1 byte nonce as the example of a nonce that is 'too small'. Section 2.1, paragraph 3: There appears to be some guidance attempted where the authors are recommending nonces of length 16-32. Is there rationale for this guidance? Again, there is nothing in Security Considerations that addresses what a secure nonce size might be. My recommendation is to simplify these two paragraphs to be clearer on the actual requirements (i.e. reject nonces that are 0 or larger than 128 bytes). And then to make simple and clear recommendations for nonce size ranges. |
2024-05-15
|
08 | Deb Cooley | [Ballot Position Update] New position, Discuss, has been recorded for Deb Cooley |
2024-05-15
|
08 | Sabrina Tanamal | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2024-05-15
|
08 | Murray Kucherawy | [Ballot comment] Thanks to Jim Fenton for his ARTART reviews (plural!). |
2024-05-15
|
08 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2024-05-15
|
08 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2024-05-14
|
08 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2024-05-14
|
08 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-08.txt |
2024-05-14
|
08 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-05-14
|
08 | himanshu sharma | Uploaded new revision |
2024-05-14
|
07 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2024-05-13
|
07 | Joseph Salowey | Request for Telechat review by SECDIR Completed: Ready. Reviewer: Joseph Salowey. Sent review to list. Submission of review completed at an earlier date. |
2024-05-13
|
07 | Joseph Salowey | Request for Telechat review by SECDIR Completed: Ready. Reviewer: Joseph Salowey. |
2024-05-13
|
07 | Mahesh Jethanandani | [Ballot comment] Thanks to Susan Harris for her OPSDIR review. Although most of her comments were characterized as NITs, I feel they should be addressed. Specifically, and I know that more RFC were cited to explain OIDs in ASN.1, it was still not clear (to me) the correlation between the octet string and the values in the object identifier. Section 2.1, paragraph 3 > An OCSP responder that implements this document MUST reject any OCSP > request that has a Nonce with a length of either 0 octets or more > than 128 octets, with the malformedRequest OCSPResponseStatus as > described in Section 4.2.1 of [RFC6960]. Responders, supporting the > Nonce extension, MUST accept Nonce lengths of at least 16 octets and > MAY choose to ignore the Nonce extension for requests where the > length of the Nonce is less than 16 octets or more than 32 octets. I also support Paul's DISCUSS. No reference entries found for these items, which were mentioned in the text: [1], [2], and [0]. Note, xml2rfc interprets anything within a square bracket to be a reference that needs to be cited in the normative/informative list. |
2024-05-13
|
07 | Mahesh Jethanandani | [Ballot Position Update] New position, No Objection, has been recorded for Mahesh Jethanandani |
2024-05-13
|
07 | Paul Wouters | [Ballot discuss] Just a small bug to fix: An OCSP responder that implements this document MUST reject any OCSP request that has a Nonce with a length of either 0 octets or more than 128 octets, with the malformedRequest OCSPResponseStatus as described in Section 4.2.1 of [RFC6960]. Responders, supporting the Nonce extension, MUST accept Nonce lengths of at least 16 octets and MAY choose to ignore the Nonce extension for requests where the length of the Nonce is less than 16 octets or more than 32 octets. So a 0 length MUST reject, but a < 16 length MAY ignore? So for 0, these two requirements contradict each other. Maybe say for a length 1-15 MAY ignore? I'm also confused what "ignore" means. If it means "don't reply with the nonce" then shouldn't the client reject the message as it asked for a nonce. Or is it assumed asking for a 1-15 size nonce may result in no answer. Seems like a weird thing for a client to use then? Maybe "SHOULD NOT ask for 1-15 sized nonce" ? |
2024-05-13
|
07 | Paul Wouters | [Ballot comment] Maybe bring the reason for the nonce out from Section 3 to the Introduction, as I wondered why one would care about replays of signed messages. It is not really a security consideration but part of the design. |
2024-05-13
|
07 | Paul Wouters | [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters |
2024-05-10
|
07 | Erik Kline | [Ballot comment] # Internet AD comments for draft-ietf-lamps-ocsp-nonce-update-07 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S2.1 * I'm sure I must be confused, but I don't understand why this document says that OCSP responders supporting the Nonce extension MAY choose to ignore requests with lengths of the Nonce extension greater than 32 octets. It seems like the document is saying "clients: you can send up to 128; responders: drop things larger than 32 if you want". But I'm sure I must be misunderstanding something. |
2024-05-10
|
07 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2024-05-10
|
07 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2024-05-09
|
07 | Jim Guichard | [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard |
2024-05-08
|
07 | Gunter Van de Velde | [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde |
2024-05-06
|
07 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-07.txt |
2024-05-06
|
07 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-05-06
|
07 | himanshu sharma | Uploaded new revision |
2024-05-06
|
06 | Éric Vyncke | [Ballot comment] Thanks for the work done in this document. About `An OCSP client that implements this document MUST use a minimum length of 32 octets for Nonce octets in the Nonce extension.` 1) should this MUST also appears somehow in the abstract ? 2) why not using `Nonce ::= OCTET STRING(SIZE(32..128))` ? to be consistent with the above MUST |
2024-05-06
|
06 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2024-05-03
|
06 | Jim Fenton | Request for Telechat review by ARTART Completed: Ready with Nits. Reviewer: Jim Fenton. Sent review to list. |
2024-04-25
|
06 | Barry Leiba | Request for Telechat review by ARTART is assigned to Jim Fenton |
2024-04-25
|
06 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Joseph Salowey |
2024-04-24
|
06 | Roman Danyliw | Placed on agenda for telechat - 2024-05-16 |
2024-04-24
|
06 | Roman Danyliw | Ballot has been issued |
2024-04-24
|
06 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2024-04-24
|
06 | Roman Danyliw | Created "Approve" ballot |
2024-04-24
|
06 | Roman Danyliw | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup |
2024-04-24
|
06 | Roman Danyliw | Ballot writeup was changed |
2024-04-11
|
06 | (System) | Changed action holders to Roman Danyliw (IESG state changed) |
2024-04-11
|
06 | (System) | Sub state has been changed to AD Followup from Revised I-D Needed |
2024-04-11
|
06 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-06.txt |
2024-04-11
|
06 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-04-11
|
06 | himanshu sharma | Uploaded new revision |
2024-04-09
|
05 | Susan Hares | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Susan Hares. Sent review to list. |
2024-04-04
|
05 | Roman Danyliw | Please review the IETF LC SECDIR feedback |
2024-04-04
|
05 | (System) | Changed action holders to himanshu sharma (IESG state changed) |
2024-04-04
|
05 | Roman Danyliw | IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead |
2024-04-03
|
05 | Ines Robles | Request for Last Call review by GENART Completed: Ready. Reviewer: Ines Robles. Sent review to list. Submission of review completed at an earlier date. |
2024-04-03
|
05 | Ines Robles | Request for Last Call review by GENART Completed: Ready. Reviewer: Ines Robles. |
2024-04-03
|
05 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2024-04-02
|
05 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2024-04-02
|
05 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-05.txt |
2024-04-02
|
05 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-04-02
|
05 | himanshu sharma | Uploaded new revision |
2024-04-01
|
04 | Jim Fenton | Request for Last Call review by ARTART Completed: Almost Ready. Reviewer: Jim Fenton. Sent review to list. |
2024-04-01
|
04 | Russ Housley | Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the header calls for Standards Track. This new RFC will update RFC 6960, which is a Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates RFC 6960 to specify a maximum size for a nonce in the Online Certificate Status Protocol (OCSP), The nonce is used in the OCSP request and response messages to detect replay attacks. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: OCSP has wide support. Several people have expressed support of the size limit on the nonce that is specified in this document. Personnel: Russ Housley is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd did a thorough review of the document during WG Last Call. A few concerns were raised, and they were explained or resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns.
(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. Several people that were involved in the PKIX WG were part of the review that took place during LAMPS WG Last Call. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any additional IP that was introduced in the updates to the document. The author explicitly stated that he does not hold any IPR related to the document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted directly on this document, the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce), or RFC 6960. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. 
(It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDnits reports: -- The draft header indicates that this document updates RFC6960, but the abstract doesn't seem to directly say this. It does mention RFC6960 though, so this could be OK. The Abstract includes "This document updates the RFC 6960". This warning seems to be the result of "the" or a missing period. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No special reviews are needed. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward normative references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This new RFC will update RFC 6090, which is clearly stated on the title page and the Abstract. 
(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document requires the assignment of two module identifiers for the revised ASN.1 modules. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The ASN.1 module in RFC 6960, once updated with the changes in this document, properly compiles. (Thanks for Jim Schaad for doing that for the LAMPS WG.) |
2024-03-31
|
04 | Joseph Salowey | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Joseph Salowey. Sent review to list. |
2024-03-30
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Joseph Salowey |
2024-03-29
|
04 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2024-03-29
|
04 | David Dong | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-ietf-lamps-ocsp-nonce-update-04. If any part of this review is inaccurate, please let us know. IANA understands that, upon approval of this document, there is a single action which we must complete. In the SMI Security for PKIX Module Identifier registry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at: https://www.iana.org/assignments/smi-numbers/ two new registrations will be made as follows: Decimal: [ TBD-at-Registration ] Description: id-mod-ocsp-2024-88 Reference: [ RFC-to-be ] Decimal: [ TBD-at-Registration ] Description: id-mod-ocsp-2024-08 Reference: [ RFC-to-be ] As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated and completed the required Expert Review via a separate request. We understand that this is the only action required to be completed upon approval of this document. NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. For definitions of IANA review states, please see: https://datatracker.ietf.org/help/state/draft/iana-review Thank you, David Dong IANA Services Sr. Specialist |
2024-03-22
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ines Robles |
2024-03-22
|
04 | Barry Leiba | Request for Last Call review by ARTART is assigned to Jim Fenton |
2024-03-21
|
04 | David Dong | IANA Experts State changed to Expert Reviews OK from Reviews assigned |
2024-03-21
|
04 | Carlos Pignataro | Request for Last Call review by OPSDIR is assigned to Susan Hares |
2024-03-20
|
04 | David Dong | IANA Experts State changed to Reviews assigned |
2024-03-20
|
04 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2024-03-20
|
04 | Cindy Morgan | The following Last Call announcement was sent out (ends 2024-04-03): From: The IESG To: IETF-Announce CC: draft-ietf-lamps-ocsp-nonce-update@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Online Certificate Status Protocol (OCSP) Nonce Extension) to Proposed Standard The IESG has received a request from the Limited Additional Mechanisms for PKIX and SMIME WG (lamps) to consider the following document: - 'Online Certificate Status Protocol (OCSP) Nonce Extension' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2024-04-03. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract RFC 8954 imposed the size constraints on the optional Nonce extension for the Online Certificate Status Protocol (OCSP). OCSP is used for checking the status of a certificate, and the Nonce extension is used to cryptographically bind an OCSP response message to a particular OCSP request message. Some environments use cryptographic algorithms that generate a Nonce value that is longer than 32 octets. This document updates the maximum allowed length of Nonce to 128 octets. This document also modifies Nonce section to clearly define the encoding format and values distinctively for an easier implementation and understanding. This document is a complete replacement for RFC 8954, obsoleting RFC 8954 and provides updated ASN.1 modules for OCSP, updating RFC 6960.
The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/ No IPR declarations have been submitted directly on this I-D. |
2024-03-20
|
04 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2024-03-20
|
04 | Roman Danyliw | Last call was requested |
2024-03-20
|
04 | Roman Danyliw | Last call announcement was generated |
2024-03-20
|
04 | Roman Danyliw | Ballot approval text was generated |
2024-03-20
|
04 | Roman Danyliw | Ballot writeup was generated |
2024-03-20
|
04 | Roman Danyliw | IESG state changed to Last Call Requested from Publication Requested |
2024-03-19
|
04 | Russ Housley | Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the header calls for Standards Track. This new RFC will update RFC 6960, which is a Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates RFC 6960 to specify a maximum size for a nonce in the Online Certificate Status Protocol (OCSP), The nonce is used in the OCSP request and response messages to detect replay attacks. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: OCSP has wide support. Several people have expressed support of the size limit on the nonce that is specified in this document. Personnel: Russ Housley is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd did a thorough review of the document during WG Last Call. A few concerns were raised, and they were explained or resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns.
(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. Several people that were involved in the PKIX WG were part of the review that took place during LAMPS WG Last Call. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any additional IP that was introduced in the updates to the document. The author explicitly stated that he does not hold any IPR related to the document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted directly on this document, the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce), or RFC 6960. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. 
(It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDnits reports: -- The draft header indicates that this document updates RFC6960, but the abstract doesn't seem to directly say this. It does mention RFC6960 though, so this could be OK. The Abstract includes "This document updates the RFC 6960". This warning seems to be the result of "the" or a missing period. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No special reviews are needed. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward normative references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This new RFC will update RFC 6090, which is clearly stated on the title page and the Abstract. 
(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document does not call for any IANA actions. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The ASN.1 module in RFC 6960, once updated with the changes in this document, properly compiles. (Thanks to Jim Schaad for doing that for the LAMPS WG.) |
2024-03-19
|
04 | Russ Housley | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2024-03-19
|
04 | Russ Housley | IESG state changed to Publication Requested from I-D Exists |
2024-03-19
|
04 | (System) | Changed action holders to Roman Danyliw (IESG state changed) |
2024-03-19
|
04 | Russ Housley | Responsible AD changed to Roman Danyliw |
2024-03-19
|
04 | Russ Housley | Document is now in IESG state Publication Requested |
2024-03-19
|
04 | Russ Housley | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2024-03-19
|
04 | Russ Housley | Shepherd Write-up for draft-ietf-lamps-ocsp-nonce-update-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the header calls for Standards Track. This new RFC will update RFC 6960, which is a Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates RFC 6960 to specify a maximum size for a nonce in the Online Certificate Status Protocol (OCSP). The nonce is used in the OCSP request and response messages to detect replay attacks. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: OCSP has wide support. Several people have expressed support of the size limit on the nonce that is specified in this document. Personnel: Russ Housley is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd did a thorough review of the document during WG Last Call. A few concerns were raised, and they were explained or resolved. (4) Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns.
(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. Several people that were involved in the PKIX WG were part of the review that took place during LAMPS WG Last Call. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any additional IP that was introduced in the updates to the document. The author explicitly stated that he does not hold any IPR related to the document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted directly on this document, the individual I-D that came earlier (draft-msahni-lamps-ocsp-nonce), or RFC 6960. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. 
(It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDnits reports: -- The draft header indicates that this document updates RFC6960, but the abstract doesn't seem to directly say this. It does mention RFC6960 though, so this could be OK. The Abstract includes "This document updates the RFC 6960". This warning seems to be the result of "the" or a missing period. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No special reviews are needed. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward normative references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This new RFC will update RFC 6090, which is clearly stated on the title page and the Abstract.
(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document does not call for any IANA actions. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The ASN.1 module in RFC 6960, once updated with the changes in this document, properly compiles. (Thanks to Jim Schaad for doing that for the LAMPS WG.) |
2024-03-16
|
04 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-04.txt |
2024-03-16
|
04 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-03-16
|
04 | himanshu sharma | Uploaded new revision |
2024-03-06
|
03 | Russ Housley | Notification list changed to housley@vigilsec.com because the document shepherd was set |
2024-03-06
|
03 | Russ Housley | Document shepherd changed to Russ Housley |
2024-03-06
|
03 | Russ Housley | Intended Status changed to Proposed Standard from None |
2024-03-06
|
03 | Russ Housley | Changed consensus to Yes from Unknown |
2024-03-06
|
03 | Russ Housley | IETF WG state changed to In WG Last Call from WG Document |
2024-02-29
|
03 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-03.txt |
2024-02-29
|
03 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-02-29
|
03 | himanshu sharma | Uploaded new revision |
2024-02-28
|
02 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-02.txt |
2024-02-28
|
02 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-02-28
|
02 | himanshu sharma | Uploaded new revision |
2024-02-24
|
01 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-01.txt |
2024-02-24
|
01 | himanshu sharma | New version accepted (logged-in submitter: himanshu sharma) |
2024-02-24
|
01 | himanshu sharma | Uploaded new revision |
2024-02-20
|
00 | Russ Housley | This document now replaces draft-hsharma-lamps-ocsp-nonce-update instead of None |
2024-02-20
|
00 | himanshu sharma | New version available: draft-ietf-lamps-ocsp-nonce-update-00.txt |
2024-02-20
|
00 | Russ Housley | WG -00 approved |
2024-02-20
|
00 | himanshu sharma | Set submitter to "Himanshu Sharma ", replaces to draft-hsharma-lamps-ocsp-nonce-update and sent approval email to group chairs: lamps-chairs@ietf.org |
2024-02-20
|
00 | himanshu sharma | Uploaded new revision |