Mirja comments #324

richsalz · 2021-03-26T19:19:53Z

This addresses the comments Mirja had during IESG review. No changes were made for the following:

 7) sec 10.3: Couldn’t you use the TLS  SignatureScheme Registry directly (instead of forming an own registry)?

 8) sec 10.4: i Wonder if an RFC-required policy wouldn’t be more appropriate for the VersionedTransTypes registry?

 9) sec 10.6.1:I guess  the registration policy is FCFS? RFC 8126 recommend to always (clearly) name the registry.

And finally one higher level question mainly out of curiosity: was it considered to e.g. use json for all data structures? Is there a performance reason to not do that or wasn’t that even discussed?

Replies:
7 Using the TLS registry is not appropriate, the signatures are for different protocols even though the algorithm is the same
8 No.
9. OID's are FCFS and they're not really a registry.
Finally: signed json structures are complex and time-consuming, in addition to the verbosity over binary structures

google-cla · 2021-03-26T19:20:02Z

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers

It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

draft-ietf-trans-rfc6962-bis.md

google-cla · 2021-03-30T16:57:29Z

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers

It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

google-cla · 2021-03-31T16:02:27Z

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers

It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

google-cla · 2021-03-31T16:03:37Z

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers

It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

richsalz added 4 commits Mar 26, 2021

Add pointers to Merkle docs

a318681

Explain lack of OID registry

cda11f2

Clarify ignoring SCT extensions

210ae24

Clarification on timeouts and limits

dfc8196

robstradling reviewed Mar 29, 2021

View changes

draft-ietf-trans-rfc6962-bis.md Outdated Show resolved Hide resolved

fixup! Explain lack of OID registry

a95689b

Add clarifying notes to SignatureScheme registry

6beb8d7

robstradling added the LGTM label Apr 12, 2021

robstradling merged commit c1371ac into google:master Apr 14, 2021
1 check failed

richsalz deleted the mirja-comments branch Apr 14, 2021

google / certificate-transparency-rfcs Public

Mirja comments #324

Mirja comments #324

richsalz commented Mar 26, 2021

google-cla bot commented Mar 26, 2021

google-cla bot commented Mar 30, 2021

google-cla bot commented Mar 31, 2021

google-cla bot commented Mar 31, 2021

google / certificate-transparency-rfcs Public

Mirja comments #324

Mirja comments #324

Conversation

richsalz commented Mar 26, 2021

google-cla bot commented Mar 26, 2021

What to do if you already signed the CLA

Individual signers

Corporate signers

google-cla bot commented Mar 30, 2021

What to do if you already signed the CLA

Individual signers

Corporate signers

google-cla bot commented Mar 31, 2021

What to do if you already signed the CLA

Individual signers

Corporate signers

google-cla bot commented Mar 31, 2021

What to do if you already signed the CLA

Individual signers

Corporate signers