Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9
draft-seantek-ldap-pkcs9-08

Summary: Has enough positions to pass.

(Kathleen Moriarty) Discuss

Discuss (2018-03-21)
This is discuss is entirely my fault and requires action from me...  sorry I didn't catch it sooner that PKCS#9 had not yet been transferred to the IETF for change control.  We can handle this in a couple of ways, I think.  The cleanest is for me to get PKCS#9 transferred and I can start that process right away.

The second option is for me to see if just putting the Intellectual property statement in the IANA registry too would be enough.  I see you have that in the draft.

   License to copy this document is granted provided that it is
   identified as "RSA Security Inc.  Public-Key Cryptography Standards
   (PKCS)" in all material mentioning or referencing this document.

Sorry about this!  I thought we caught all of the remaining ones that had to be transferred.

21 March 2018 - Working on a possible transfer of a license to the IETF to address this discuss.  The sponsoring AD will continue to watch this and hopefully move forward shortly assuming this license transfer will be approved.

Alexey Melnikov Yes

Comment (2016-09-01 for -06)
No email
send info
Need to make sure that IANA's Expert Review completes first.

Kathleen needs to figure out whether restrictive note on RFC 2985 can be lifted and control on it transferred to IETF.

Stephen: I cross checked OIDs against RFC 2985 and http://www.alvestrand.no/ (The latter doesn't contain all of these, but has many).

Mirja: "Updates RFC 2985" seems sensible.

Benoit: I will make sure the Ops-Dir review is taken into consideration.

(Jari Arkko) No Objection

Deborah Brungard No Objection

(Ben Campbell) No Objection

(Benoît Claise) No Objection

Comment (2016-08-31 for -06)
No email
send info
As mentioned by Dan Romascanu in his OPS DIR review:

The following comments are not related directly to the operational aspects, but can improve the quality of the document and its readability and usability by IT personal and network operators:

 

-          It would help to expand PKCS and include one paragraph that describes where it comes from and how it is used – this may be very trivial for security experts but not to all operators or other users of the future RFC

-          The following sentence in section 4 is cumbersome because of the double negation, I suggest to reformulate it: ‘The attributes in Appendix B.3 that are not highly unlikely to be stored in a Directory are registered via this document.’

-          Section 4.1 includes the phrase: ‘Since all specifications are under the change control of the IETF, …’ – actually the abstract of RFC 2985 makes clear that ‘change control is retained within the PKCS process’ (which as I understand belongs to the RSC Laboratories. If things have changed since the publication of RFC 2985 (November 2000) it would be useful to document this

Alissa Cooper No Objection

(Spencer Dawkins) No Objection

(Stephen Farrell) No Objection

Comment (2016-08-30 for -06)
No email
send info
Did someone check all these attributes vs. what's
deployed in current code? There's the potential for
errors here if that wasn't done, and cross-checked,
which'd be a pity.

I agree with the secdir reviewer's nits [1] and would
recommend they be handled. (I don't think I saw a
response? Apologies if I missed that.)

   [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06723.html

(Joel Jaeggli) No Objection

Comment (2016-09-01 for -06)
No email
send info
Romascanu, Dan (Dan) <dromasca@avaya.com> provided the opsdir review.

comments replicated here.

Hi,

 

I have reviewed draft-seantek-ldap-pkcs9-06.txt as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

 

This I-D adds IANA considerations relevant to RFC 2985 which is the Informational RFC version of the Public Key Cryptography Standards #9, a product of RSA Laboratories. Basically it creates an LDAP OID which makes possible registration of a relevant subset of attributes, their descriptors and syntax that can be stored in an LDAP directory.

 

An RFC 5706 review does not apply. I have not detected any immediate operational impact, and the definition of the registers under IANA can only better structure the management tasks.

 

I believe the document is 'Ready' for publication from the OPS-DIR perspective.

 

The following comments are not related directly to the operational aspects, but can improve the quality of the document and its readability and usability by IT personal and network operators:

 

-          It would help to expand PKCS and include one paragraph that describes where it comes from and how it is used – this may be very trivial for security experts but not to all operators or other users of the future RFC

-          The following sentence in section 4 is cumbersome because of the double negation, I suggest to reformulate it: ‘The attributes in Appendix B.3 that are not highly unlikely to be stored in a Directory are registered via this document.’

-          Section 4.1 includes the phrase: ‘Since all specifications are under the change control of the IETF, …’ – actually the abstract of RFC 2985 makes clear that ‘change control is retained within the PKCS process’ (which as I understand belongs to the RSC Laboratories. If things have changed since the publication of RFC 2985 (November 2000) it would be useful to document this  

 

Regards,

 

Dan

 

 

 


_______________________________________________
OPS-DIR mailing list
OPS-DIR@ietf.org
https://www.ietf.org/mailman/listinfo/ops-dir

Suresh Krishnan No Objection

Mirja Kühlewind No Objection

Comment (2016-08-31 for -06)
No email
send info
Given section 4.1, shouldn't this doc upadte RFC 2985?

Also, I'd really prefer to use rfc number for reference keys...

(Terry Manderson) No Objection

Alvaro Retana No Objection

Ignas Bagdonas No Record

Roman Danyliw No Record

Benjamin Kaduk No Record

Warren Kumari No Record

Barry Leiba No Record

Adam Roach No Record

Martin Vigoureux No Record

Éric Vyncke No Record

Magnus Westerlund No Record