Liaison statement
IETF Liaison Statement to ISO/TC 154 about ISO 14533

Additional information about IETF liaison relationships is available on the IETF webpage and the Internet Architecture Board liaison webpage.
State: Posted
Submitted Date: 2021-02-12
From Group: IAB
From Contact: IAB Chair
To Group: ISOTC154
To Contacts: zhangjf@cnis.ac.cn
Cc: The IAB Executive Director <execd@iab.org>
    The IAB Chair <iab-chair@iab.org>
    The IAB <iab@iab.org>
Response Contact: The IAB Chair <iab-chair@iab.org>
    The IAB Executive Director <execd@iab.org>
Technical Contact: LAMPS <spasm@ietf.org>
    Roman D. Danyliw <rdd@cert.org>
    Russ Housley <housley@vigilsec.com>
    Tim Hollebeek <tim.hollebeek@digicert.com>
Purpose: For information
Attachments: (None)
Body:
Dear ISO/TC 154, dear Mr Jianfang Zhang,

The Internet Architecture Board (IAB), which is handling the liaison management
of the IETF, would like to make sure that you are aware of the recent work by
the IETF LAMPS Working Group (https://datatracker.ietf.org/wg/lamps/about/).
The LAMPS WG is responsible for updates to IETF documents related to public
key infrastructure (PKI), including the Online Certificate Status Protocol
(OCSP). OCSP is specified in RFC 6960
(https://www.rfc-editor.org/rfc/rfc6960.txt).  As part of the work of the LAMPS
Working Group, RFC 8954 (https://www.rfc-editor.org/rfc/rfc8954.txt) was
published as an update to RFC 6960; it limits the size of the OCSP Nonce
extension to 32 octets to make OCSP transactions more secure.  The OCSP
Nonce is a randomly generated value that cryptographically binds a request and
a response to prevent replay attacks.

The IAB has been notified that RFC 8954 may conflict with the way the OCSP Nonce
extension is used in ISO 14533-4.  We are writing to share that concern.  We
understand that ISO 14533-4 places a non-random value in the OCSP Nonce that is
larger than 32 octets.  This new size limitation may also impact other work by
ISO/TC 154 that we are not aware of.
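As an added illustration that is not part of this liaison statement, RFC 6960 or RFC 8954: the DER shape of the OCSP Nonce extension (the extnValue OCTET STRING wrapping the nonce as an inner OCTET STRING), a client nonce of the full 32 random octets, and the responder-side length check that the 32-octet limit described above implies. The helper names and the exact rejection wording are assumptions of this example, not text from either RFC.

```python
import secrets

# id-pkix-ocsp-nonce, 1.3.6.1.5.5.7.48.1.2, as DER-encoded OID contents (RFC 6960)
NONCE_OID_DER = bytes.fromhex("2b0601050507300102")
MAX_NONCE_OCTETS = 32  # the limit RFC 8954 adds to RFC 6960

def _der_len(n: int) -> bytes:
    # DER length: short form below 128, otherwise long form with minimal octets
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def _read_tlv(buf: bytes, pos: int):
    # Returns (tag, contents, position after this element); handles long-form lengths
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def encode_nonce_extension(nonce: bytes) -> bytes:
    # Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, extnValue OCTET STRING }
    # extnValue carries the nonce as a nested OCTET STRING (RFC 6960 section 4.4.1)
    return _tlv(0x30, _tlv(0x06, NONCE_OID_DER) + _tlv(0x04, _tlv(0x04, nonce)))

def parse_nonce_extension(der: bytes) -> bytes:
    tag, seq, _ = _read_tlv(der, 0)
    oid_tag, oid, pos = _read_tlv(seq, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != NONCE_OID_DER:
        raise ValueError("not an OCSP Nonce extension")
    tag, value, pos = _read_tlv(seq, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN, skipped if present
        tag, value, pos = _read_tlv(seq, pos)
    inner_tag, nonce, _ = _read_tlv(value, 0)
    if tag != 0x04 or inner_tag != 0x04:
        raise ValueError("extnValue does not wrap an OCTET STRING nonce")
    return nonce

def check_nonce(nonce: bytes) -> str:
    # Responder-side rule after RFC 8954: 1..32 octets, otherwise the request is rejected
    if not 1 <= len(nonce) <= MAX_NONCE_OCTETS:
        return f"reject: {len(nonce)} octets, RFC 8954 allows 1..{MAX_NONCE_OCTETS}"
    return "ok"

def new_nonce(octets: int = MAX_NONCE_OCTETS) -> bytes:
    # A client nonce: fresh random bytes, the full 32 octets RFC 8954 permits
    return secrets.token_bytes(octets)
```

A 48-octet fixed value of the kind described for ISO 14533-4 round-trips through the encoder and parser but fails check_nonce, which is the incompatibility the statement refers to.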

We had a discussion about the use case in the LAMPS Working Group recently.
Based on how the OCSP Nonce extension is used in the industry, it was
recommended that a new OCSP extension should be used for the purpose of
capturing OCSP responses for long-term validation of signed documents.

We recognize that the IETF does not have a liaison relationship with ISO/TC
154; however, the IETF LAMPS Working Group would like to work with you to
resolve this incompatibility in the best possible way.  If the establishment of
a liaison relationship between the IETF and ISO/TC 154 is desired, then the IAB
will coordinate the arrangement.

Thank you for your attention to this matter.

On behalf of the IAB,
Mirja Kühlewind (IAB Chair)