Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9
draft-seantek-ldap-pkcs9-08
Discuss
Yes
No Objection
(Alissa Cooper)
(Alvaro Retana)
(Ben Campbell)
(Deborah Brungard)
(Jari Arkko)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)
No Record
Deb Cooley
Erik Kline
Francesca Palombini
Gunter Van de Velde
Jim Guichard
John Scudder
Mahesh Jethanandani
Murray Kucherawy
Orie Steele
Paul Wouters
Roman Danyliw
Warren Kumari
Zaheduzzaman Sarker
Éric Vyncke
Summary: Needs a YES.
Deb Cooley
No Record
Erik Kline
No Record
Francesca Palombini
No Record
Gunter Van de Velde
No Record
Jim Guichard
No Record
John Scudder
No Record
Mahesh Jethanandani
No Record
Murray Kucherawy
No Record
Orie Steele
No Record
Paul Wouters
No Record
Roman Danyliw
No Record
Warren Kumari
No Record
Zaheduzzaman Sarker
No Record
Éric Vyncke
No Record
Kathleen Moriarty Former IESG member
Discuss
Discuss
[Treat as non-blocking comment]
(2018-03-21)
Unknown
This is discuss is entirely my fault and requires action from me... sorry I didn't catch it sooner that PKCS#9 had not yet been transferred to the IETF for change control. We can handle this in a couple of ways, I think. The cleanest is for me to get PKCS#9 transferred and I can start that process right away. The second option is for me to see if just putting the Intellectual property statement in the IANA registry too would be enough. I see you have that in the draft. License to copy this document is granted provided that it is identified as "RSA Security Inc. Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document. Sorry about this! I thought we caught all of the remaining ones that had to be transferred. 21 March 2018 - Working on a possible transfer of a license to the IETF to address this discuss. The sponsoring AD will continue to watch this and hopefully move forward shortly assuming this license transfer will be approved.
Alexey Melnikov Former IESG member
Yes
Yes
(2016-09-01 for -06)
Unknown
Need to make sure that IANA's Expert Review completes first. Kathleen needs to figure out whether restrictive note on RFC 2985 can be lifted and control on it transferred to IETF. Stephen: I cross checked OIDs against RFC 2985 and http://www.alvestrand.no/ (The latter doesn't contain all of these, but has many). Mirja: "Updates RFC 2985" seems sensible. Benoit: I will make sure the Ops-Dir review is taken into consideration.
Alissa Cooper Former IESG member
No Objection
No Objection
(for -06)
Unknown
Alvaro Retana Former IESG member
No Objection
No Objection
(for -06)
Unknown
Ben Campbell Former IESG member
No Objection
No Objection
(for -06)
Unknown
Benoît Claise Former IESG member
No Objection
No Objection
(2016-08-31 for -06)
Unknown
As mentioned by Dan Romascanu in his OPS DIR review: The following comments are not related directly to the operational aspects, but can improve the quality of the document and its readability and usability by IT personal and network operators: - It would help to expand PKCS and include one paragraph that describes where it comes from and how it is used – this may be very trivial for security experts but not to all operators or other users of the future RFC - The following sentence in section 4 is cumbersome because of the double negation, I suggest to reformulate it: ‘The attributes in Appendix B.3 that are not highly unlikely to be stored in a Directory are registered via this document.’ - Section 4.1 includes the phrase: ‘Since all specifications are under the change control of the IETF, …’ – actually the abstract of RFC 2985 makes clear that ‘change control is retained within the PKCS process’ (which as I understand belongs to the RSC Laboratories. If things have changed since the publication of RFC 2985 (November 2000) it would be useful to document this
Deborah Brungard Former IESG member
No Objection
No Objection
(for -06)
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(for -06)
Unknown
Joel Jaeggli Former IESG member
No Objection
No Objection
(2016-09-01 for -06)
Unknown
Romascanu, Dan (Dan) <dromasca@avaya.com> provided the opsdir review. comments replicated here. Hi, I have reviewed draft-seantek-ldap-pkcs9-06.txt as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. This I-D adds IANA considerations relevant to RFC 2985 which is the Informational RFC version of the Public Key Cryptography Standards #9, a product of RSA Laboratories. Basically it creates an LDAP OID which makes possible registration of a relevant subset of attributes, their descriptors and syntax that can be stored in an LDAP directory. An RFC 5706 review does not apply. I have not detected any immediate operational impact, and the definition of the registers under IANA can only better structure the management tasks. I believe the document is 'Ready' for publication from the OPS-DIR perspective. The following comments are not related directly to the operational aspects, but can improve the quality of the document and its readability and usability by IT personal and network operators: - It would help to expand PKCS and include one paragraph that describes where it comes from and how it is used – this may be very trivial for security experts but not to all operators or other users of the future RFC - The following sentence in section 4 is cumbersome because of the double negation, I suggest to reformulate it: ‘The attributes in Appendix B.3 that are not highly unlikely to be stored in a Directory are registered via this document.’ - Section 4.1 includes the phrase: ‘Since all specifications are under the change control of the IETF, …’ – actually the abstract of RFC 2985 makes clear that ‘change control is retained within the PKCS process’ (which as I understand belongs to the RSC Laboratories. If things have changed since the publication of RFC 2985 (November 2000) it would be useful to document this Regards, Dan _______________________________________________ OPS-DIR mailing list OPS-DIR@ietf.org https://www.ietf.org/mailman/listinfo/ops-dir
Mirja Kühlewind Former IESG member
No Objection
No Objection
(2016-08-31 for -06)
Unknown
Given section 4.1, shouldn't this doc upadte RFC 2985? Also, I'd really prefer to use rfc number for reference keys...
Spencer Dawkins Former IESG member
No Objection
No Objection
(for -06)
Unknown
Stephen Farrell Former IESG member
No Objection
No Objection
(2016-08-30 for -06)
Unknown
Did someone check all these attributes vs. what's deployed in current code? There's the potential for errors here if that wasn't done, and cross-checked, which'd be a pity. I agree with the secdir reviewer's nits [1] and would recommend they be handled. (I don't think I saw a response? Apologies if I missed that.) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06723.html
Suresh Krishnan Former IESG member
No Objection
No Objection
(for -06)
Unknown
Terry Manderson Former IESG member
No Objection
No Objection
(for -06)
Unknown