Re: [Last-Call] [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05

Hi Susan
  Thanks for valuable feedback and suggestions.
I have uploaded the updated draft here https://datatracker.ietf.org/doc/draft-ietf-lamps-ocsp-nonce-update/06/ .

Here is the summary about the changes for NITs.
NIT #1
I referred to a few RFCs and docs that use OIDs in ASN.1, explaining the OID encodings. With the example, our intention is just to explain the correct encoding structure of Nonce, and Nonce value.

NIT #2
Added the format reference as a comment for GeneralizedTime.

NIT #3
Remove the import of ATTRIBUTE.

NIT #4
Remove the "amp;" keyword from ASN.1 modules. Now they are standard ASN.1 type identifiers and id.

I believe that this updated draft addresses all of your concerns.


-Thanks
Himanshu

On Wed, Apr 10, 2024 at 11:30 AM Susan Hares <shares@xxxxxxxx> wrote:

Himanshu:

 

I’m glad I could be helpful!

 

Sue

 

From: Himanshu Sharma <himanshu@xxxxxxxxxxxx>
Sent: Wednesday, April 10, 2024 2:26 PM
To: Susan Hares <shares@xxxxxxxx>
Cc: ops-dir@xxxxxxxx; draft-ietf-lamps-ocsp-nonce-update.all@xxxxxxxx; last-call@xxxxxxxx; spasm@xxxxxxxx
Subject: Re: [EXTERNAL] Opsdir last call review of draft-ietf-lamps-ocsp-nonce-update-05

 

 

Thanks Susan for your time to review the I-D and providing the feedback.

I will work on the suggestion and update the I-D soon.

 

-Himanshu

 

On Tue, Apr 9, 2024 at 12:15PM Susan Hares via Datatracker <noreply@xxxxxxxx> wrote:

Reviewer: Susan Hares
Review result: Has Nits


Status: Ready with NITs
General Statement: Excellent writing and clearly understood by a novice.
I enjoyed reading the clear ASN.1 syntax in the appendices.

operational summary:  The key point is that Clients switching from
[RFC8954] to [draft-ietf-lamps-ocsp-nonce-update-06] will want to
use a nonce of length 32, and accept an OCSP of 16 octets.

4 NITS: Main Text (1) Appendix A.1 (1), and Appendix A.2 (2). 
Note that NITS are editorial suggestions.

1 NITS in Main Text:

The example in section 2 starts with
 30 2f 06 09 2b 06 01 05 05 07 30 01 02 [hex]
    Sequence (30) length (2f) {   
       OBJECT Identifier (06) length (09)
             oscpNonce (1 3 6 1 5 5 7 48 1 2 )

It might be good to explain that (1 3) is the 2b.
------

#2 NITS in ASN.1 in Section

It would help the ASN.1 reader to explain in a comment
associated with the first usage of "generalizedTime" the format of the
generalized time.  It is a well-defined ASN.1 concept, but
the reader is assumed to be an IETF reader with less experience
in ASN.1.

------

#NIT 3, use of ATTRIBUTE as an import.

In my review of the ASN.1 in Appendix A.2,
I cannot find a usage of ATTRIBUTE.
If it is not used, why is it included?

-----
#NIT 4, use of @amp;

ResponseBytes ::=       SEQUENCE {
   responseType        RESPONSE.
                           &id ({ResponseSet}),
   response            OCTET STRING (CONTAINING RESPONSE.
                           &Type({ResponseSet}{@responseType}))}

AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})

I am not familiar with "&id" or "&Type" or @response.
Please add a comment with the ISO reference for this syntax.
If you wish to be helpful to the reader, it would be 
to explain what this syntax means.







-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
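
Added example, not part of the original thread or of the draft: a small DER reader that decodes the byte prefix quoted in NIT #1 and shows how the first content octet 2b yields the arcs (1 3), since the first two arcs are packed as 40*X + Y. The function names are hypothetical, and the input is only the prefix quoted in the review, not the full extension.

```python
# Constructed input: only the leading bytes quoted in the review; the rest of
# the 0x2f-byte SEQUENCE is not shown on the page and is not reproduced here.
PREFIX = bytes.fromhex("302f06092b0601050507300102")

def read_header(buf, pos):
    """Parse one DER tag/length pair; return (tag, length, value_offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length in one octet
        return tag, first, pos
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def decode_oid(content):
    """Decode OBJECT IDENTIFIER content octets into a list of arcs."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subids, value, fresh = [], 0, True
    for b in content:
        if fresh and b == 0x80:
            raise ValueError("non-minimal base-128 encoding")
        value = (value << 7) | (b & 0x7F)  # 7 payload bits per octet
        fresh = not (b & 0x80)             # high bit clear ends a subidentifier
        if fresh:
            subids.append(value)
            value = 0
    # The first subidentifier packs the first two arcs as 40*X + Y.
    x = min(subids[0] // 40, 2)
    return [x, subids[0] - 40 * x] + subids[1:]

def parse_prefix(buf):
    """Return (declared SEQUENCE length, dotted OID) from the quoted prefix."""
    tag, seq_len, pos = read_header(buf, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, oid_len, pos = read_header(buf, pos)
    if tag != 0x06 or pos + oid_len > len(buf):
        raise ValueError("expected a complete OBJECT IDENTIFIER")
    arcs = decode_oid(buf[pos:pos + oid_len])
    return seq_len, ".".join(map(str, arcs))

if __name__ == "__main__":
    print(parse_prefix(PREFIX))
```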
