[lamps] Re: Orie Steele's No Objection on draft-ietf-lamps-rfc6712bis-09: (with COMMENT)

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Thu, 19 December 2024 14:36 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Orie Steele <orie@transmute.industries>, The IESG <iesg@ietf.org>
Thread-Topic: Orie Steele's No Objection on draft-ietf-lamps-rfc6712bis-09: (with COMMENT)
Thread-Index: AQHbUL/cw4sV3hkl20KeW8Etmh0kALLtnmfw
Date: Thu, 19 Dec 2024 14:36:48 +0000
Message-ID: <DB9PR10MB5715FD18BC22B4C3B05B7552FE062@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
References: <173446628454.554415.18156115323965303257@dt-datatracker-59cd88ccf4-xxptp>
In-Reply-To: <173446628454.554415.18156115323965303257@dt-datatracker-59cd88ccf4-xxptp>
Accept-Language: de-DE, en-US
Content-Language: de-DE
CC: "draft-ietf-lamps-rfc6712bis@ietf.org" <draft-ietf-lamps-rfc6712bis@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>
Subject: [lamps] Re: Orie Steele's No Objection on draft-ietf-lamps-rfc6712bis-09: (with COMMENT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/W3kQtF7QLGU505g7A4X_EM2Jjlo>

Orie

Thank you for your comments.
See my response below.

Hendrik

>Von: Orie Steele via Datatracker <noreply@ietf.org>
>Gesendet: Dienstag, 17. Dezember 2024 21:11
>
>Orie Steele has entered the following ballot position for
>draft-ietf-lamps-rfc6712bis-09: No Objection
>
>When responding, please keep the subject line intact and reply to all email
>addresses included in the To and CC lines. (Feel free to cut this introductory
>paragraph, however.)
>
>
>Please refer to
>https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>for more information about how to handle DISCUSS and COMMENT positions.
>
>
>The document, along with other ballot positions, can be found here:
>https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6712bis/
>
>
>
>----------------------------------------------------------------------
>COMMENT:
>----------------------------------------------------------------------
>
>Thanks to Claudio Allocchio for the ARTART review, and to the authors for
>addressing the feedback.
>
>I still wonder if section 3.4 should more strongly encourage the use of HTTPS
>through examples, why not:
>
>```
> https://www.example.com/.well-known/cmp
>
> https://www.example.com/.well-known/cmp/<operation>
>
> https://www.example.com/.well-known/cmp/p/<name>
>
> https://www.example.com/.well-known/cmp/p/<name>/<operation>
>
>Note that http can also be used instead of https, see item 5 in the Security
>Considerations (Section 5).
>
>```

[HB] This was discussed during the OPSDIR review, see https://mailarchive.ietf.org/arch/msg/spasm/-i992Y4hOShbnu0a6eRlnkhg3BE/.
CMP offers all protection mechanisms that are needed for certificate management. The content of certificates is typically not confidential as it is provided to the relying parties anyhow. Therefore, the TLS layer is an optional addition, because
- CMP does not necessarily require transport layer protection if data-origin authentication using MAC-based or signature-based message protection is applied.
- There are cases where an entity initially has no certificate and no trust anchor. In these cases, it would even be unable to perform TLS server authentication.
But you are right, TLS is often applied as a second line of defense and for privacy reasons.
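The exchange above turns on two things: the four well-known URI forms from Section 3.4 (plain, with an operation, with a profile name, and with both) and the fact that the HTTP transport may or may not sit on TLS. The following Python is an added example, not code from the draft or from either participant; it parses a URI into those forms, rejects anything that does not match one of them, and reports whether TLS is in use so that an implementer can decide when CMP's own MAC- or signature-based message protection is the only protection present. The host, profile name and operation values in the sample are constructed for illustration.

```python
from urllib.parse import urlsplit

# Path prefix used by all four forms quoted in the ballot comment.
WELL_KNOWN_PREFIX = "/.well-known/cmp"


def parse_cmp_uri(uri):
    """Parse a CMP well-known URI into its components.

    Returns a dict with keys scheme, host, profile, operation and tls,
    or None when the URI is not one of the four accepted forms:
        <scheme>://<host>/.well-known/cmp
        <scheme>://<host>/.well-known/cmp/<operation>
        <scheme>://<host>/.well-known/cmp/p/<name>
        <scheme>://<host>/.well-known/cmp/p/<name>/<operation>
    """
    parts = urlsplit(uri)
    # Only HTTP transport is in scope; anything else is not a CMP-over-HTTP URI.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None

    path = parts.path.rstrip("/")
    if path == WELL_KNOWN_PREFIX:
        segments = []
    elif path.startswith(WELL_KNOWN_PREFIX + "/"):
        segments = path[len(WELL_KNOWN_PREFIX) + 1:].split("/")
    else:
        return None

    # An empty segment (e.g. a doubled slash) never matches any form.
    if any(seg == "" for seg in segments):
        return None

    profile = operation = None
    if len(segments) == 0:
        pass                                   # bare well-known path
    elif len(segments) == 1 and segments[0] != "p":
        operation = segments[0]                # /cmp/<operation>
    elif len(segments) == 2 and segments[0] == "p":
        profile = segments[1]                  # /cmp/p/<name>
    elif len(segments) == 3 and segments[0] == "p":
        profile, operation = segments[1], segments[2]   # /cmp/p/<name>/<operation>
    else:
        return None                            # e.g. a dangling "/p" or extra segments

    return {
        "scheme": parts.scheme,
        "host": parts.netloc,
        "profile": profile,
        "operation": operation,
        # When this is False, only CMP's own message protection guards the exchange.
        "tls": parts.scheme == "https",
    }


def build_cmp_uri(host, profile=None, operation=None, tls=True):
    """Inverse of parse_cmp_uri: assemble a URI in one of the four forms."""
    path = WELL_KNOWN_PREFIX
    if profile is not None:
        path += "/p/" + profile
    if operation is not None:
        path += "/" + operation
    return ("https" if tls else "http") + "://" + host + path


if __name__ == "__main__":
    # Constructed sample values; "site-a" and "enroll" are placeholders, not
    # names defined by the draft.
    for sample in (
        "https://www.example.com/.well-known/cmp",
        "https://www.example.com/.well-known/cmp/enroll",
        "http://www.example.com/.well-known/cmp/p/site-a",
        "https://www.example.com/.well-known/cmp/p/site-a/enroll",
        "https://www.example.com/.well-known/cmp/p",
    ):
        print(sample, "->", parse_cmp_uri(sample))
```

The parser treats a trailing slash as equivalent to none, and a lone `/p` without a profile name as invalid. The `tls` flag is the hook for the point made in the reply: an implementation that sees `False` here should confirm that the CMP message itself carries MAC- or signature-based protection before acting on it.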