Clarification and enhancement of RFC7030 CSR Attributes definition
draft-ietf-lamps-rfc7030-csrattrs-23

Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-lamps-rfc7030-csrattrs and RFC 9908, changed IESG state to RFC Published)

[Ballot comment]
Hi Michael, Owen, David, and Dan,

Thank you for taking care of the DISCUSS/COMMENT points in my initial ballot [1] and follow-ups [2]. I trust the agreed changes will make to the the public version.

Cheers,
Med

[1] https://mailarchive.ietf.org/arch/msg/spasm/oSM0A0mktO2sKeM3DZuc2jPv_Ig/

[2] https://mailarchive.ietf.org/arch/msg/spasm/b2XBt1fGYXtux6KFo0ub0m_9B2Y/

[Ballot comment]
Hi Michael, Owen, David, and Dan,

Thank you for taking care of the DISCUSS/COMMENT points in my initial ballot [1] and follow-ups [2]. I trust the agreed changes will make to the the public version.

Cheers,
Med

[1]

[2] https://mailarchive.ietf.org/arch/msg/spasm/b2XBt1fGYXtux6KFo0ub0m_9B2Y/

[Ballot comment]
A few minor comments:

        the 'subjectAltName' extension with DNS name "www.myServer.com" and an empty IP address to be filled in,

I had to read this a number of times to understand it. How about:


        the 'subjectAltName' extension with two entries; one DNS entry with name "www.myServer.com" and IP
        entry that is empty for the IP address to be filled in.

Section 5.1.2

I was puzzled by the ac@  sample.com until I remembered a warning from my co-AD
about a hidden scrollbar. It would be good if this can be avoided.

I found at least three markdown notations in the text that failed to expand properly while
generating xml from markdown that need to be fixed.b

[Ballot comment]
I am not a CSR expert, so most of these comments come from reading the document and seeing where some clarity could be provided.

Section 3.1, paragraph 1
>    These attributes can provide additional descriptive information that
>    the EST server cannot access itself, such as the Media Access Control
>    (MAC) address of an interface of the EST client. The EST server can
>    also provide concrete values that it tells the client to include in
>    the CSR, such as a specific X.509 Subject Alternative Name extension.
>    Moreover, these attributes can indicate the type of the included
>    public key or which crypto algorithms to use for the self-signature,
>    such as a specific elliptic curve or a specific hash function that
>    the client is expected to use when generating the CSR.

I know the first sentence comes from RFC 7030, but since we are updating the paragraph ...

Is it that the attributes are providing "descriptive" information? Later in Section 5.2.2 there is mention of how the MAC address is expected to be included in the CSR. In what way is that just a "descriptive" information?

Possible DOWNREF from this Standards Track doc to [X.680]. If so, the IESG
needs to approve it.

Found terminology that should be reviewed for inclusivity; see
https://www.rfc-editor.org/part2/#inclusive_language for background and more
guidance:

* Term "dummy"; alternatives might be "placeholder", "sample", "stand-in",
  "substitute"

-------------------------------------------------------------------------------
NIT
-------------------------------------------------------------------------------

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 1, paragraph 1
>    Enrollment over Secure Transport [RFC7030] (EST) has been used in a
>    wide variety of applications.  In particular, [RFC8994] and [RFC8995]
>    describe a way to use it in order to build out an autonomic control
>    plane (ACP) [RFC8368].

s/automatic control plane (ACP)/Automatic Control Plane (ACP)/

Section 3.2, paragraph 14
>    When not using the template-based approach of {#csrtemplate},
>    specifying the requirement for a public key of a specific type and
>    optionally its size and other parameters MUST be done as follows:
>    Include exactly one Attribute with the type field being the OID
>    specifying the type of the key, such as ecPublicKey or rsaEncryption.
>    The 'values' field MAY be empty to indicate no further requirements
>    on the key.  Otherwise it MUST contain suitable parameters for the
>    given key type, such as a singleton set containing the OID of an EC
>    curve such as secp384r1 or containing an integer value for the RSA
>    key size such as 4096.  Many examples for this are given in
>    {#examples}

Is {#examples} meant to be a cross-reference to the Examples section? If so in both the HTML and TXT version of the document, it is not expanding correctly. Similar issue exists with other cross-references, e.g., {#csrtemplate}.

Section 3.2, paragraph 10
> further requirements on the key. Otherwise it MUST contain suitable paramete
>                                  ^^^^^^^^^
A comma may be missing after the conjunctive/linking adverb "Otherwise".

Section 3.3, paragraph 9
> laces no requirements on the key. Otherwise it MUST be present, and the 'algo
>                                  ^^^^^^^^^
A comma may be missing after the conjunctive/linking adverb "Otherwise".

Section 3.3, paragraph 14
> o use the given extension value. Otherwise it is expected to fill in the ext
>                                  ^^^^^^^^^
A comma may be missing after the conjunctive/linking adverb "Otherwise".

[Ballot comment]
Thanks to the authors and the WG for their work on this document. I have only a few minor comments/suggestions provided inline below with the idnits output of v20 of the document.


153 3.1.  Extensions to RFC 7030 section 2.6

155   Replace the second paragraph with the following text:

Would be easier for the reader if the old paragraph was also listed
here - as in old/new style of patching.


218   When not using the template-based approach of {#csrtemplate},

I did not understand what "{#csrtemplate}" refers to. There is also a
"{#examples}". I get the impression that they are some references?

219   specifying the requirement for a public key of a specific type and
220   optionally its size and other parameters MUST be done as follows:


782 7.  IANA Considerations

784   IANA is asked to allocate two new Object Identifiers:

I see three below.

[Ballot discuss]
Hi Michael, Owen, David, and Dan,

Thanks for the effort put into this specification.

I have an easy-to-fix DISCUSS and some few comments.

# DISCUSS

## Conflict between registered IANA value vs ASN Module

Section 7 has the following:

  *  One (TBD2) from the SMI Security for S/MIME Attributes
      (1.2.840.113549.1.9.16.2) registry for the Certification Request
      Information Template (id-aa-csrinfo) attribute; see Appendix A

while Appendix A has:

  id-aa-certificationRequestInfoTemplate OBJECT IDENTIFIER ::=
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) aa(2) csrinfo(TBD2)

Please check.

As I’m there, please fix the following:

OLD: IANA is asked to allocate two new Object Identifiers

NEW: IANA is asked to allocate three new Object Identifiers

[Ballot comment]
# Incomplete citations

CURRENT:
  As a result of some implementation challenges, it came to light that
  this particular way of using the CSR attributes was not universally
  agreed upon, and it was suggested that it went contrary to section
  2.6.

  Section 2.6 says that the CSR attributes "can provide additional
  descriptive information that the EST server cannot access itself".
  This is extended to describe how the EST server can provide values
  that it demands to use.

Please explicit this is about section 2.6 of RFC 7030.

There other similar occurrences in the document that need to be fixed.

#

CURRENT:
  Also, section 4.5.2 is extended to clarify the use of the existing
  ASN.1 syntax [X.680][X.690].  This covers all uses and is fully
  backward compatible with existing use.

* s/ section 4.5.2/section 4.5.2 of [RFC7030]

* Why X.690 is not listed as normative as X.680?

* “all uses”: how can claim this?

# mixing spec vs. use example in Section 3.2

CURRENT:
  With this understanding, the needs of [RFC8994] and [RFC8995] are
  satisfied with no change to the bits on the wire.

Do we need to have this here?

# Section 3.3

CURRENT:
  *  The 'subject' field has been made OPTIONAL.  It MUST be present if
      the server places any requirements on the RDNs of the subject
      name;

Can we cite an example of requirement on RDNs?

# Legacy

CURRENT:
  Legacy servers MAY continue to use the [RFC7030]-style unstructured
  list of attribute/value pairs, and MAY also include the template
  style described in {#csrtemplate}.

Does the second MAY apply for a “legacy” server?

(nit) please fix the md reference. There are other similar broken citation in the doc.

# Consider moving section with examples to an appendix.

Cheers,
Med

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-lamps-rfc7030-csrattrs-20
CC @evyncke

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and one nit.

Special thanks to Russ Housley for the shepherd's write-up (albeit using an old template) including the WG consensus and the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric

## COMMENTS (non-blocking)

### Abstract (and Introduction)

`EST` is used before its expansion.

`way of using the CSR attributes was not universally agreed upon` is ambiguous as it could be read as this RFC lacked IETF consensus.

### Section 3.3

s/some useless fields have to be included/some *unused* fields have to be included/ or restrict the scope of this sentence just to SET ?

Who is the "we" in `We avoid these drawbacks as follows` ? The authors ? the LAMPS WG ? the IETF community ? Please avoid using "we" or be specific.

### Section 5.1.2

Please note that "acample.com" should probably replaced by "example.com".

## NITS (non-blocking / cosmetic)

### Section 1

s/autonomic control plane (ACP)/Autonomic Control Plane (ACP)/

[Ballot comment]
# Andy Newton, ART AD, comments for DRAFT
CC @anewton1998

* line numbers:
  - https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-lamps-rfc7030-csrattrs-20.txt&submitcheck=True

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/


## Comments

This looks good. Thanks for the work.

## Nits

### Markdown Reference Syntax

For your next revision: the following Markdown references appear to use the wrong syntax.

218        When not using the template-based approach of {#csrtemplate},

and

228        {#examples}

[Ballot comment]
This document does not appear to raise transport-related concerns.

I do though have a number of comments - intended to help readability of the next revision.

The abstract says: “RFC7030 (EST) and clarifies how the CSR Attributes Response can be used by an EST server to specify both CSR attribute OIDs”
- EST, CSR and OID : please define or expand all acronyms on their first usage for easier reading of the abstract.

“As a result of some of the implementation challenges, it came to light that the particular way of that RFC7030 (EST) says to use the CSR attributes was not universally agreed upon.”
- I liked the context, buit this is a little hard to read, could it please be written simpler?

===

Introduction:

I suggest RFC7030 is referenced when first mentioned, and EST expanded at the start.

The following text was not clear to me: “it was suggested that it went contrary to section 2.6”. - I assumed this was a reference to another RFC? The language could be improved and please cite RFC 7030, if this is being referenced? or whatever reference if something else?

====

Section 3.2 refers to something that I was unsure about, is this the text that appears in RFC70303 as:
“The syntax for application/csrattrs body is as follows:” part of the RFC, it would help to clarify in the text what was being changed.

NiT: There is a missing period after:
“ Many examples for this are given in {#examples}“
- what is #examples?

RDN is used before being defined.
CMRF is not defined.

“If the 'extnValue' is present (which is always the case when type Extension is used), the client is required to use the given extension value.“
- This seems like a requirement: Could this be an RFC2119 “MUST” requirement?
====

What does this require: “Otherwise it is  expected to fill in the extension value.", could this be written in RFC2119 language?

What does this require: “If the 'subjectAltName' extension contains the 'directoryName' choice containing the NULL-DN (i.e., an empty sequence of RDNs) or the'iPAddress' choice with an empty OCTET STRING, this means that the client is expected to fill in the respective GeneralName value.”, could this be written using RFC2119 language?

IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-lamps-rfc7030-csrattrs-16. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are two actions which we must complete.

IANA believes that there is a small typo in the IANA Considerations section where the authors suggest that IANA is asked to allocate two new Object Identifiers, but then actually request three.

First, in the SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) registry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at:

https://www.iana.org/assignments/smi-numbers/

a single new registration is to be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-mod-critemplate
Reference: [ RFC-to-be ]

As this document requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have completed the required Expert Review via a separate request.

Second, in the SMI Security for S/MIME Attributes (1.2.840.113549.1.9.16.2) registry also in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at:

https://www.iana.org/assignments/smi-numbers/

two new registrations are to be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-aa-extensionReqTemplate
Reference: [ RFC-to-be ]

Decimal: [ TBD-at-Registration ]
Description: id-aa-certificationRequestInfoTemplate
Reference: [ RFC-to-be ]

As this also requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have completed the required Expert Review via a separate request.

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist

The following Last Call announcement was sent out (ends 2025-02-20):

From: The IESG
To: IETF-Announce
CC: debcooley1@gmail.com, draft-ietf-lamps-rfc7030-csrattrs@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, spasm@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Clarification and enhancement of RFC7030 CSR Attributes definition) to Proposed Standard


The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: -
'Clarification and enhancement of RFC7030 CSR Attributes definition'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2025-02-20. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document updates RFC7030 (EST) and clarifies how the CSR
  Attributes Response can be used by an EST server to specify both CSR
  attribute OIDs and also CSR attribute values, in particular X.509
  extension values, that the server expects the client to include in
  subsequent CSR request.

  The Enrollment over Secure Transport (EST, RFC7030) is ambiguous in
  its specification of the CSR Attributes Response.  This has resulted
  in implementation challenges and implementor confusion.  As a result
  of some of the implementation challenges, it came to light that the
  particular way of that RFC7030 (EST) says to use the CSR attributes
  was not universally agreed upon.

  This document therefore also provides a new straightforward approach:
  using a template for CSR contents that may be partially filled in by
  the server.  This also allows an EST server to specify a subject
  Distinguished Name (DN).




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc7030-csrattrs/



No IPR declarations have been submitted directly on this I-D.

Shepherd Write-up for draft-ietf-lamps-rfc7030-csrattrs-15


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for Standards Track.
 
  This new RFC will update RFC 7030, which is a Proposed Standard.
 

(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document updates RFC 7030 to clarify the handling of Certificate
  Signing Request (CSR) attributes in Enrollment over Secure Transport
  (EST).  This document describes how an EST server specifies the CSR
  attribute types (object identifiers) and also CSR attribute values,
  especially X.509 extension values, that the EST server expects the
  client to include in subsequent CSRs.

  Working Group Summary:

    There is consensus for this document in the LAMPS WG.

  Document Quality:

    EST has wide support.  Several people have expressed support of
    the clarifications in this document.  Great care was taken to ensure
    that the conventions specified in this document do not break current
    implementations of RFC 7030.
 
  Personnel:

    Russ Housley is the document shepherd.
    Deb Cooley is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  All issues were raised and resolved.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  Several people that were involved in the PKIX WG were part of the
  review that took place during LAMPS WG Last Call.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

  The authors have explicitly stated that they are unaware of any
  additional IP that was introduced in the updates to the document.

  The authors have explicitly stated that they do not hold any IPR
  related to the document.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures were issued against RFC 7030 or this document.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  This document, once it is approved, will update RFC 7030.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are downward normative reference to Informational RFC 5911,
  Informational RFC 5912, and Informational RFC 6268.  All of these
  are already in the downref registry, so no special action is needed
  for them.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  This new RFC will update RFC 7030, which is clearly stated on the
  title page and the Abstract.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  The ASN.1 module in Appendix A of this document makes use of object
  identifiers (OIDs).
 
  This document requests that IANA register an OID in the SMI Security
  for PKIX Arc in the Module identifiers arc (1.3.6.1.5.5.7.0) for
  the ASN.1 module.
 
  This document requests that IANA register two OIDs in the SMI Security
  for S/MIME attributes arc (1.2.840.113549.1.9.16.2) for two newly
  specified attributes.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The ASN.1 module in Appendix A properly compiles.

Shepherd Write-up for draft-ietf-lamps-rfc7030-csrattrs-15


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for Standards Track.
 
  This new RFC will update RFC 7030, which is a Proposed Standard.
 

(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document updates RFC 7030 to clarify the handling of Certificate
  Signing Request (CSR) attributes in Enrollment over Secure Transport
  (EST).  This document describes how an EST server specifies the CSR
  attribute types (object identifiers) and also CSR attribute values,
  especially X.509 extension values, that the EST server expects the
  client to include in subsequent CSRs.

  Working Group Summary:

    There is consensus for this document in the LAMPS WG.

  Document Quality:

    EST has wide support.  Several people have expressed support of
    the clarifications in this document.  Great care was taken to ensure
    that the conventions specified in this document do not break current
    implementations of RFC 7030.
 
  Personnel:

    Russ Housley is the document shepherd.
    Deb Cooley is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  All issues were raised and resolved.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  Several people that were involved in the PKIX WG were part of the
  review that took place during LAMPS WG Last Call.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

  The authors have explicitly stated that they are unaware of any
  additional IP that was introduced in the updates to the document.

  The authors have explicitly stated that they do not hold any IPR
  related to the document.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No IPR disclosures were issued against RFC 7030 or this document.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  This document, once it is approved, will update RFC 7030.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are downward normative reference to Informational RFC 5911,
  Informational RFC 5912, and Informational RFC 6268.  All of these
  are already in the downref registry, so no special action is needed
  for them.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  This new RFC will update RFC 7030, which is clearly stated on the
  title page and the Abstract.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  The ASN.1 module in Appendix A of this document makes use of object
  identifiers (OIDs).
 
  This document requests that IANA register an OID in the SMI Security
  for PKIX Arc in the Module identifiers arc (1.3.6.1.5.5.7.0) for
  the ASN.1 module.
 
  This document requests that IANA register two OIDs in the SMI Security
  for S/MIME attributes arc (1.2.840.113549.1.9.16.2) for two newly
  specified attributes.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  The ASN.1 module in Appendix A properly compiles.