
Last Call Review of draft-ietf-lamps-ocsp-nonce-update-05
review-ietf-lamps-ocsp-nonce-update-05-opsdir-lc-hares-2024-04-09-00

Request Review of draft-ietf-lamps-ocsp-nonce-update
Requested revision No specific revision (document currently at 09)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2024-04-03
Requested 2024-03-20
Authors himanshu sharma
I-D last updated 2024-04-09
Completed reviews Secdir Last Call review of -04 by Joseph A. Salowey (diff)
Secdir Telechat review of -07 by Joseph A. Salowey (diff)
Artart Telechat review of -06 by Jim Fenton (diff)
Opsdir Last Call review of -05 by Susan Hares (diff)
Artart Last Call review of -04 by Jim Fenton (diff)
Genart Last Call review of -05 by Ines Robles (diff)
Assignment Reviewer Susan Hares
State Completed
Request Last Call review on draft-ietf-lamps-ocsp-nonce-update by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/haPdYG_z5QUk3CHMnjk20hOzeSs
Reviewed revision 05 (document currently at 09)
Result Has nits
Completed 2024-04-09
Status: Ready with NITs
General Statement: Excellent writing and clearly understood by a novice. 
I enjoyed reading the clear ASN.1 syntax in the appendices. 

Operational summary:  The key point is that Clients switching from 
[RFC8954] to [draft-ietf-lamps-ocsp-nonce-update-06] will want to 
use a nonce of length 32, and accept an OCSP of 16 octets. 

4 NITS: Main Text (1), Appendix A.1 (1), and Appendix A.2 (2).  
Note that NITS are editorial suggestions. 

1 NIT in Main Text:

The example in section 2 starts with 
 30 2f 06 09 2b 06 01 05 05 07 30 01 02 [hex] 
    Sequence (30) length (2f) {   
       OBJECT Identifier (06) length (09) 
             ocspNonce (1 3 6 1 5 5 7 48 1 2 )

It might be good to explain that (1 3) is the 2b. 
------
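The point raised in NIT 1 (that the first two arcs 1 and 3 collapse into the single octet 0x2b) is easy to show with a small DER OBJECT IDENTIFIER encoder and decoder. The block below is an added example and is not part of the draft or of this review; the only input it takes from the page is the hex prefix quoted above, and the helper names (encode_oid, decode_oid, parse_tlv, oid_of_section2_example) are this example's own.

```python
# Added example (not from the draft or the review): DER encoding of the
# OCSP nonce OID, showing why the arcs (1 3) appear as the single byte 0x2b.

ID_PKIX_OCSP_NONCE = "1.3.6.1.5.5.7.48.1.2"

# The hex prefix quoted in the review of section 2 of the draft.
SECTION2_PREFIX = bytes.fromhex("30 2f 06 09 2b 06 01 05 05 07 30 01 02")


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID into DER contents octets (no tag, no length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid object identifier")
    # X.690 8.19.4: the first two arcs share one subidentifier, 40*arc1 + arc2.
    # For 1.3 that is 40*1 + 3 = 43 = 0x2b, which is the byte the review asks about.
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    out = bytearray()
    for value in subids:
        # Each subidentifier is base-128, big-endian, with bit 8 set on every
        # octet except the last.  Values below 128 fit in a single octet.
        chunk = bytearray([value & 0x7F])
        value >>= 7
        while value:
            chunk.insert(0, (value & 0x7F) | 0x80)
            value >>= 7
        out += chunk
    return bytes(out)


def decode_oid(contents: bytes) -> str:
    """Decode DER OID contents octets back to dotted form."""
    subids = []
    acc = 0
    for b in contents:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:           # last octet of this subidentifier
            subids.append(acc)
            acc = 0
    if acc or not subids:
        raise ValueError("truncated object identifier")
    first = subids[0]
    # Undo the 40*arc1 + arc2 packing; arc1 == 2 is open-ended, hence the 80 cutoff.
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


def parse_tlv(buf: bytes, pos: int = 0):
    """Read one DER tag/length/value at pos (short-form length only).

    Returns (tag, contents, position_after).  Enough for this example; a real
    parser also needs long-form lengths and indefinite-length rejection.
    """
    tag = buf[pos]
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    start = pos + 2
    if start + length > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[start:start + length], start + length


def oid_of_section2_example() -> str:
    """Pull the OID out of the truncated prefix quoted in the review."""
    # Outer TLV: SEQUENCE (0x30) with 0x2f = 47 content octets.  Only 11 of
    # them are quoted, so read the header by hand rather than slicing the body.
    # (47 = 11 for the OID TLV + 36 for an OCTET STRING wrapping a 32-octet
    # nonce, 2+2+32, consistent with the 32-octet nonce the review mentions.)
    if SECTION2_PREFIX[0] != 0x30 or SECTION2_PREFIX[1] != 0x2F:
        raise ValueError("unexpected outer header")
    tag, contents, _ = parse_tlv(SECTION2_PREFIX, 2)
    if tag != 0x06:                 # OBJECT IDENTIFIER
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(contents)


if __name__ == "__main__":
    enc = encode_oid(ID_PKIX_OCSP_NONCE)
    print("DER contents:", enc.hex(" "))            # 2b 06 01 05 05 07 30 01 02
    print("first octet 0x%02x = 40*1 + 3" % enc[0])
    print("section 2 prefix carries:", oid_of_section2_example())
```

Running it prints the nine contents octets, confirms that 0x2b is 40*1 + 3, and recovers 1.3.6.1.5.5.7.48.1.2 from the quoted prefix. The decoder's 80 cutoff matters for arc-2 OIDs such as the SHA-256 identifier 2.16.840.1.101.3.4.2.1, whose first octet 0x60 would otherwise decode as 2.16 only by luck.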

#NIT 2, ASN.1 in Section 

It would help the ASN.1 reader to explain in a comment 
associated with the first usage of "generalizedTime" the format of the 
generalized time.  It is a well-defined ASN.1 concept, but 
the reader is assumed to be an IETF reader with less experience
in ASN.1. 

------

#NIT 3, use of ATTRIBUTE as an import. 

In my review of the ASN.1 in Appendix A.2, 
I cannot find a usage of ATTRIBUTE. 
If it is not used, why is it included? 

----- 
#NIT 4, use of &

ResponseBytes ::=       SEQUENCE {
   responseType        RESPONSE.
                           &id ({ResponseSet}),
   response            OCTET STRING (CONTAINING RESPONSE.
                           &Type({ResponseSet}{@responseType}))}

AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})

I am not familiar with "&id" or "&Type" or @response. 
Please add a comment with the ISO reference for this syntax.
If you wish to be helpful to the reader, it would be good 
to explain what this syntax means.