Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-17 Thread Stephen Kent
Folks, Ben Kudak politely noted that my reply to Andrew's comments lost all formatting when I sent it. I have attached the formatted version that I prepared, as a PDF, to facilitate review. Sorry, Steve ‐‐‐ Original Message ‐‐‐ On May 7, 2018 2:29 PM, Andrew Ayer

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-15 Thread Ryan Sleevi
On Tue, May 15, 2018 at 10:50 AM, David A. Cooper wrote: > I can't speak for Steve, but I can provide an example of a syntax error I > encountered as a result of "quirks of CA certificate-issuing software." > > Many years ago when I was tasked to check whether certificates

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-15 Thread David A. Cooper
I can't speak for Steve, but I can provide an example of a syntax error I encountered as a result of "quirks of CA certificate-issuing software." Many years ago when I was tasked to check whether certificates being issued by a CA were being issued in

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-14 Thread Ryan Sleevi
On Mon, May 14, 2018 at 11:26 AM, Stephen Kent wrote: > Also, note that 6962-bis says: “Logs SHOULD accept certificates and > precertificates that are fully valid according to RFC 5280 [RFC5280] > verification rules and are submitted with such a chain.” This text suggests > that

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-14 Thread Stephen Kent
Andrew, Thanks for taking the time to review the document and for the nice organization of your comments. A. Logs do not check for syntactic misissuance Sections 4.1.1.1 and 4.2.1.1 give the impression that logs check, or ought to check, submitted certificates for syntactic

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-10 Thread David A. Cooper
I have been unable to find anywhere in my comments where I suggested that syntactic mis-issuance should not be discussed in the document. The "responses" you provided have nothing to do with my comments. On 05/09/2018 08:49 AM, Stephen Kent wrote:

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-10 Thread David A. Cooper
Subject: Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis Date: Mon, 7 May 2018 16:48:44 -0400 From: David A.

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-09 Thread Paul Wouters
On Wed, 9 May 2018, Stephen Kent wrote: I believe the current last call was intended to solicit comments only on the changes made since the -012 version, since prior last calls solicited comments on the rest of this I-D months ago. No. Any WGLC is about the entire document, and everyone is

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-09 Thread Stephen Kent
I have reviewed the current draft of the threat analysis document and believe that there are a number of issues that should be addressed before this document is approved. Below are the comments that I have on the draft: I believe the current last call was intended to solicit comments only on the

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-07 Thread David A. Cooper
I think it's fine for browsers to check for syntactic errors in certificates. However, I interpreted "thorough syntactic checks on certificates" to mean that browsers should be performing checks such as the ones described in

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-07 Thread Andrew Ayer
On Fri, 4 May 2018 14:51:47 -0400 "David A. Cooper" wrote: > Section 4.1.1.4 says "Unfortunately, experience suggests that many > browsers do not perform thorough syntactic checks on certificates, and so > it seems unlikely that browsers will be a reliable way to detect

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-07 Thread Andrew Ayer
draft-ietf-trans-threat-analysis-13 has a number of issues that ought to be fixed before it's published. A. Logs do not check for syntactic misissuance Sections 4.1.1.1 and 4.2.1.1 give the impression that logs check, or ought to check, submitted certificates for syntactic misissuance. Page 20

Re: [Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-05-04 Thread David A. Cooper
On 04/16/2018 05:01 PM, Paul Wouters wrote: Hi, This starts a 3 week WGLC for draft-ietf-trans-threat-analysis Previously, there were some contentious issues regarding the dual CA attack that dkg came up with. The current

[Trans] WGLC started for draft-ietf-trans-threat-analysis

2018-04-16 Thread Paul Wouters
Hi, This starts a 3 week WGLC for draft-ietf-trans-threat-analysis Previously, there were some contentious issues regarding the dual CA attack that dkg came up with. The current version should address all those issues. But since it has been a (very!) long time since this document was discussed