Closed SteveLLamb closed 1 year ago
RFC 3280 obsoleted by RFC 5280. RFC 2253 obsoleted by RFC 4514. RFC 4051 obsoleted by RFC 6931. ST 433 has an amendment 1. ST 430-1 has been updated and itself needs another revision. ST 430-2:2006 is now ST430-2:2017 (and still needs another revision). ST 430-3 has been updated and itself needs another revision. ST 430-4 has an amendment 1 and itself needs another revision. ST 430-6 itself needs another revision. ST 429-6 has an amendment 1. ST 429-7 itself needs another revision. ST 429-8 itself needs another revision. Circular dependency between ST 430-5 and ST 430-6.
ST 429-3:2007 has been approved for maintenance, so that will be revised as well.
RFC 6931 obsoleted by RFC 9231.
The redlined ST430-5 document including changes directed to this issue can be found here: https://smpte.sharepoint.com/:w:/s/21DC-DocumentMaintenance/ETBPfieAa_FKntkCRXEiMSkBRYDmK4yT-3I5k54xRe4tlg?e=NYgsKj
@twechsel Did you check whether a log created per RFC 4514 was compatible with a log created per RFC 2253? More importantly, RFC 2253 is referenced through [XML-Signature Syntax and Processing]:
The Distinguished Name value in all X509IssuerName elements shall be compliant with RFC 2253 per [XML-Signature Syntax and Processing].
Two observations:
Any opinion? I recall your mentioning that you were co-editors of the spec.
@twechsel RFC 3280 is not referenced in the prose. Is it (or RFC 5280) needed?
I recommend deleting RFC 3280/5280. I note it’s also referenced in ST430-4 (Log Record Format Specification), but does not appear in the prose there either.
Tony
I did not check whether a log created under the more recent spec is compatible. Matt Sheby was kind enough to provide most of the updated RFC numbers, and I checked them before just plugging them in.
I was co-editor of the standard, but my contributions were directed to what records were needed, and their contents/exceptions. Bill Elswick was the powerhouse behind all the XML and IETF stuff for both this and the sister spec ST430-4. I don’t have an opinion about what you’ve uncovered, but I’m sure the group would like your recommendation(s). (I did notice that RFC 4514/2253 apparently does not appear in the prose.)
Tony
I asked Bill Elswick (who was the editor of ST430-5 and the umbrella st430-4 standard) about this. Bill suggested we could reference RFC4514 directly (and drop the reference to XML-Signature Syntax and Processing), but only once a compatibility match is confirmed with current practice. In other words, confirm that a log created per RFC 4514 is compatible with a log created per RFC 2253.
I found the earlier version of XML-Signature Syntax and Processing that was in effect when st430-5 was written: https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ . At section 4.4.4 it references RFC2253. The current XML-Sig. version (https://www.w3.org/TR/xmldsig-core1/#sec-X509Data ) references section 2 of RFC4514 in analogous section 4.5.4.1. When I compared the material of RFC4514 section 2 to that of RFC2253 they appear to be the same, but I am not sufficiently qualified in this area to be sure.
So I’m asking implementers to take a look and provide input.
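The compatibility question raised above, for the value-escaping step of DN string generation only, as an added example that is not part of the thread or of any SMPTE document: it builds the string under the escapes that RFC 2253 section 2.4 and RFC 4514 section 2.4 each require and reports which constructed names come out differently. The function names, the sample names and the restriction to attribute types with short names (CN, O, OU) are assumptions of the example.

```python
# Added example (not from the thread). Escaping rules taken from
# RFC 2253 section 2.4 and RFC 4514 section 2.4; all names are hypothetical.
SPECIALS = set(',+"\\<>;')   # both RFCs require these to be escaped


def escape_value(value, rfc):
    """Escape one attribute value using only the escapes `rfc` requires."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00" and rfc == 4514:
            out.append("\\00")       # NUL is listed in RFC 4514 only
        else:
            out.append(ch)
    return "".join(out)


def dn_string(rdns, rfc):
    """rdns: RDNs in certificate order, each a list of (type, value) pairs.
    Both RFCs emit the last RDN first, join RDNs with ',' and join the
    values of a multi-valued RDN with '+'."""
    parts = []
    for rdn in reversed(rdns):
        parts.append("+".join(f"{t}={escape_value(v, rfc)}" for t, v in rdn))
    return ",".join(parts)


def differing(samples):
    """Return the labels whose RFC 2253 and RFC 4514 strings are not identical."""
    return [label for label, rdns in samples
            if dn_string(rdns, 2253) != dn_string(rdns, 4514)]


# Constructed issuer names, not taken from any real certificate or log.
SAMPLES = [
    ("plain", [[("O", "Example Cinema")], [("OU", "Screens")], [("CN", "Issuer 1")]]),
    ("specials", [[("O", "Example Cinema, Inc.")], [("OU", "Audio+Video")],
                  [("CN", "#1 Screen ")]]),
    ("multi-valued", [[("O", "Example")], [("OU", "A"), ("CN", "B;C")]]),
    ("embedded NUL", [[("CN", "bad\x00name")]]),
]

if __name__ == "__main__":
    for label, rdns in SAMPLES:
        print(label, "|", dn_string(rdns, 2253), "|", dn_string(rdns, 4514))
    print("differ:", differing(SAMPLES))
```

Only the required escapes are modelled; both RFCs also permit optional escapes, which a consumer comparing X509IssuerName strings would still have to accept.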
Addressed at https://github.com/SMPTE/st430-5-private/commit/84dfa0b0d5c3072fb8e06553c22e4c1a60517419.
A few observations:
XML digital signature was in fact referenced through the ds namespace in Table 1.
XML digital signature references RFC 4514 in its Distinguished Name Encoding Rules section.
So I think it is OK to drop the direct reference to RFC 4514 and instead reference the Distinguished Name Encoding Rules of XML digital signature.
Agreed. And I think Matt Sheby was also going to take a look.
Amend to fix references to 430-1, 430-2, 429-8.