[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-pkix-logotypes-06.txt

To: Denis Pinkas <Denis.Pinkas@xxxxxxxx>
Subject: Re: draft-ietf-pkix-logotypes-06.txt
From: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>
Date: Mon, 21 Oct 2002 13:54:00 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <><><>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Denis:

> I know that you are very busy, but I think that you have not given the
> document a fair reading.  I am not saying that the document is perfect;
> however, the information that you request is in the document.
>
> It says:
>
>     Both direct and indirect addressing accommodate alternative URIs to
>     obtain exactly the same item. This opportunity for replication is
>     intended to improve availability. Therefore, if a client is unable to
>     fetch the item form one URI, the client SHOULD try another URI in the
>     sequence.
>
> And, it says:
>
>     The LogotypeReference, LogotypeImage and LogotypeAudio structures
>     explicitly identify one or more one-way hash functions employed.
>     Clients MUST support the SHA-1 [SHS] one-way hash function, and
>     clients MAY support other one-way hash functions. CAs MUST include a
>     SHA-1 hash value in every logotypes extension, and CAs MAY include
>     other one-way hash values. If more than one is present, clients MUST
>     validate at least one value, and clients MAY ignore other hash
>     values. The client's local policy determines which hash values are
>     validated and which hash values are ignored.

OK. You are right. The information is there but usually when you have an
ASN.1 description, it is much better to describe one by one the components.
We both recognize that the text may be improved. I would therefore recommend
to comment one by one each component

Now, let us pick up the last sentence you quoted:

"The client's local policy determines which hash values are validated and
which hash values are ignored."

This is not the case. The rule is mentionned just in the previous sentence:
" If more than one is present, clients MUST validate at least one value".

This is correct and enough. The remaining of the sentence should be deleted:
"and clients MAY ignore other hash values".

I think that the meaning is clear, but I will be pleased to make it shorter.

> Therefore, your suggestion is inappropriate.  The two sequences need not
> have the same number of entries.  The imageURI sequence contains a list of
> locations where the same image file can be located.  Multiple locations are
> provided to ensure availability.  The imageHash sequence contains a list of
> hash values computed on the image file, and there is one entry for each
> hash algorithm employed.

I originally raised 12 concerns, you picked the second one and argued on it.

Should I understand that you fully agree with the 11 remaining arguments ?

No. At the time, I did not have time to go through them in detail. I will do so this week, factoring in the discussion from others.

Russ

References:
- draft-ietf-pkix-logotypes-06.txt
  - From: Housley, Russ
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Housley, Russ
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Housley, Russ
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Denis Pinkas

Prev by Date: Re: draft-ietf-pkix-logotypes-06.txt
Next by Date: Re: draft-ietf-pkix-logotypes-06.txt
Previous by thread: Re: draft-ietf-pkix-logotypes-06.txt
Next by thread: Re: draft-ietf-pkix-logotypes-06.txt
Index(es):
- Date
- Thread