Liaison statement
IETF Liaison Statement to ISO/TC 154 about ISO 14533
Additional information about IETF liaison relationships is available on the IETF webpage and the Internet Architecture Board liaison webpage.
State | Posted |
---|---|
Submitted Date | 2021-02-12 |
From Group | IAB |
From Contact | IAB Chair |
To Group | ISOTC154 |
To Contacts | zhangjf@cnis.ac.cn |
Cc | The IAB Executive Director <execd@iab.org> The IAB Chair <iab-chair@iab.org> The IAB <iab@iab.org> |
Response Contact | The IAB Chair <iab-chair@iab.org> The IAB Executive Director <execd@iab.org> |
Technical Contact | LAMPS <spasm@ietf.org> Roman D. Danyliw <rdd@cert.org> Russ Housley <housley@vigilsec.com> Tim Hollebeek <tim.hollebeek@digicert.com> |
Purpose | For information |
Attachments | (None) |
Body | Dear ISO/TC 154, dear Mr Jianfang Zhang, The Internet Architecture Board (IAB), which is handling the liaison management of the IETF, would like to make sure that you are aware of the recent work by the IETF LAMPS Working Group (https://datatracker.ietf.org/wg/lamps/about/). The LAMPS WG is responsible for updates to IETF documents related to public key infrastructure (PKI), including the Online Certificate Status Protocol (OCSP). OCSP is specified in RFC 6960 (https://www.rfc-editor.org/rfc/rfc6960.txt). As part of the work of the LAMPS Working Group, RFC 8954 (https://www.rfc-editor.org/rfc/rfc8954.txt) was published as an update to RFC 6960, which limits the size of the OCSP Nonce extension to 32 octets to make the OCSP transactions more secure. The OCSP Nonce is a randomly generated value that cryptographically binds a request and a response to prevent replay attacks. The IAB has been notified that RFC 8954 may conflict with the way the OCSP Nonce extension is used in ISO 14533-4. We are writing to share that concern. We understand that ISO 14533-4 places a non-random value in the OCSP Nonce that is larger than 32 octets. This new size limitation may also impact other work by ISO/TC 154 that we are not aware of. We had a discussion about the use case in the LAMPS Working Group recently. Based on how the OCSP nonce extension is used in the industry, it was recommended that a new OCSP extension should be used for the purpose of capturing OCSP response for long term validation of the signed documents. We recognize that the IETF does not have a liaison relationship with ISO/TC 154; however, the IETF LAMPS Working Group would like to work with you to resolve this incompatibility in the best possible way. If the establishment of a liaison relationship between the IETF and ISO/TC 154 is desired, then the IAB will coordinate the arrangement. Thank you for your attention in this matter. On behalf of the IAB, Mirja Kühlewind (IAB Chair) |